Search icon CANCEL
Subscription
0
Cart icon
Your Cart (0 item)
Close icon
You have no products in your basket yet
Arrow left icon
Explore Products
Best Sellers
New Releases
Books
Videos
Audiobooks
Learning Hub
Free Learning
Arrow right icon
Arrow up icon
GO TO TOP
Digital Forensics and Incident Response

You're reading from   Digital Forensics and Incident Response A practical guide to deploying digital forensic techniques in response to cyber security incidents

Arrow left icon
Product type Paperback
Published in Jul 2017
Publisher Packt
ISBN-13 9781787288683
Length 324 pages
Edition 1st Edition
Concepts
Arrow right icon
Author (1):
Arrow left icon
Gerard Johansen Gerard Johansen
Author Profile Icon Gerard Johansen
Gerard Johansen
Arrow right icon
View More author details
Toc

What this book covers

Chapter 1, Incident Response, addresses the incident response process and how to create an incident response framework for use within an enterprise, which allows for an orderly investigation and remediation of a cyber security incident.

Chapter 2 , Forensics Fundamentals,focuses on the fundamental aspects of digital forensics. This includes a brief history of digital forensics, the basic elements of forensic science, and integrating these techniques into the incident response framework.

Chapter 3 , Network Evidence Collection, focuses on the network-based evidence. This includes logs from network devices such as firewalls, routers, proxy servers, and other layer 2 and 3 devices. The chapter also focuses on acquiring network-based evidence from these sources.

Chapter 4, Host-Based Evidence, compromised hosts contain a good deal of forensically valuable information. In this chapter, the reader guided through the process of using free tools to acquire the running volatile memory, log files, and other evidence on a running system.

Chapter 5, Understanding Forensics Imaging, hard disk drives from compromised systems may contain a great deal of evidence.Furthermore, in cases of fraud or other cybercrimes, most of the evidence that is valuable is obtained from the HDD. As a result, the proper acquisition of this evidence is critical. To do this requires a forensically sound process. This chapter details the steps necessary to properly image a suspect HDD.

Chapter 6, Network Evidence Analysis, using free tools such as tcpdump and Wireshark, the reader is guided through the analysis process to identify evidence such as command and control traffic or data exfiltration. Readers are also be guided through correlating firewall and proxy logs with packet captures.

Chapter 7, Analyzing System Memory,explores the methods for identifying potential malicious code present within the memory of a compromised system. This includes using commonly available tools and methods to identify processes, network connections, and registry key settings associated with potentially malicious software.

Chapter 8, Analyzing System Storage,consists of an overview of several tools and methods available for extracting potential evidence from previously imaged HDDs. An examination of tools and methods is undertaken, but it should be noted that, due to the complexity and depth of digital forensic examination, this will serve only to highlight specific areas.

Chapter 9, Forensic Reporting, reporting the findings from an incident is a critical step that is often overlooked. In this chapter, the reader is guided through preparing a report for use by internal stakeholders and potential external legal entities. The end goal is to have a report prepared that can stand the scrutiny of a court of law.

Chapter 10, Malware Analysis,will provide an overview of the methods that can be deployed for examining malware in a sandbox environment. This provides incident responders with reverse engineering skills an environment to deploy a suspected piece of malware for investigation.

Chapter 11, Threat Intelligence, threat intelligence is a relatively new concept in the information security space, and in particular to the incident response field. In this chapter, the reader will be guided through a review of threat intelligence and how to incorporate that into their incident response framework and processes.

lock icon The rest of the chapter is locked
Register for a free Packt account to unlock a world of extra content!
A free Packt account unlocks extra newsletters, articles, discounted offers, and much more. Start advancing your knowledge today.
Unlock this book and the full library FREE for 7 days
Get unlimited access to 7000+ expert-authored eBooks and videos courses covering every tech area you can think of
Renews at $19.99/month. Cancel anytime
Banner background image