
Digital forensics and incident response : incident response tools and techniques for effective cyber threat response /

Build your organization's cyber defense system by effectively applying digital forensics, incident management, and investigation techniques to real-world cyber threats. An understanding of how digital forensics integrates with the overall response to cybersecurity incidents is key to securing y...


Bibliographic Details
Classification: Electronic book
Main author: Johansen, Gerard (Author)
Format: Electronic eBook
Language: English
Published: Birmingham, UK : Packt Publishing Ltd., 2022.
Edition: Third edition.
Subjects:
Online access: Full text (requires prior registration with an institutional email address)
Table of Contents:
  • Cover
  • Title Page
  • Copyright
  • Contributors
  • Table of Contents
  • Preface
  • Part 1: Foundations of Incident Response and Digital Forensics
  • Chapter 1: Understanding Incident Response
  • The IR process
  • The role of digital forensics
  • The IR framework
  • The IR charter
  • CSIRT team
  • The IR plan
  • Incident classification
  • The IR playbook/handbook
  • Escalation process
  • Testing the IR framework
  • Summary
  • Questions
  • Further reading
  • Chapter 2: Managing Cyber Incidents
  • Engaging the incident response team
  • CSIRT engagement models
  • Investigating incidents
  • The CSIRT war room
  • Communications
  • Rotating staff
  • SOAR
  • Incorporating crisis communications
  • Internal communications
  • External communications
  • Public notification
  • Incorporating containment strategies
  • Getting back to normal
  • Eradication, recovery, and post-incident activity
  • Summary
  • Questions
  • Further reading
  • Chapter 3: Fundamentals of Digital Forensics
  • An overview of forensic science
  • Locard's exchange principle
  • Legal issues in digital forensics
  • Law and regulations
  • Rules of evidence
  • Forensic procedures in incident response
  • A brief history of digital forensics
  • The digital forensics process
  • The digital forensics lab
  • Summary
  • Questions
  • Further reading
  • Chapter 4: Investigation Methodology
  • An intrusion analysis case study: The Cuckoo's Egg
  • Types of incident investigation analysis
  • Functional digital forensic investigation methodology
  • Identification and scoping
  • Collecting evidence
  • The initial event analysis
  • The preliminary correlation
  • Event normalization
  • Event deconfliction
  • The second correlation
  • The timeline
  • Kill chain analysis
  • Reporting
  • The cyber kill chain
  • The diamond model of intrusion analysis
  • Diamond model axioms
  • A combined diamond model and kill chain intrusion analysis
  • Attribution
  • Summary
  • Questions
  • Part 2: Evidence Acquisition
  • Chapter 5: Collecting Network Evidence
  • An overview of network evidence
  • Preparation
  • A network diagram
  • Configuration
  • Firewalls and proxy logs
  • Firewalls
  • Web application firewalls
  • Web proxy servers
  • NetFlow
  • Packet capture
  • tcpdump
  • WinPcap and RawCap
  • Wireshark
  • Evidence collection
  • Summary
  • Questions
  • Further reading
  • Chapter 6: Acquiring Host-Based Evidence
  • Preparation
  • Order of volatility
  • Evidence acquisition
  • Evidence collection procedures
  • Acquiring volatile memory
  • FTK Imager
  • WinPmem
  • RAM Capturer
  • Virtual systems
  • Acquiring non-volatile evidence
  • FTK obtaining protected files
  • The CyLR response tool
  • Kroll Artifact Parser and Extractor
  • Summary
  • Questions
  • Further reading
  • Chapter 7: Remote Evidence Collection
  • Enterprise incident response challenges
  • Endpoint detection and response
  • Velociraptor overview and deployment
  • Velociraptor server
  • Velociraptor Windows collector
  • Velociraptor scenarios