Digital Forensics and Incident Response

by Gerard Johansen

Cybersecurity

Book Details

  • Book Title: Digital Forensics and Incident Response: Incident response tools and techniques for effective cyber threat response
  • Edition: 3
  • Author: Gerard Johansen
  • Publisher: Packt Publishing
  • Publication Date: 2022
  • ISBN: 9781803238678
  • Number of Pages: 532
  • Language: English
  • Format: PDF
  • File Size: 11.4MB
  • Subject: Computers > Security

Table of Contents

  • Cover
  • Title Page
  • Copyright
  • Contributors
  • Table of Contents
  • Preface
  • Part 1: Foundations of Incident Response and Digital Forensics
    • Chapter 1: Understanding Incident Response
      • The IR process
      • The IR framework
      • The IR plan
      • The IR playbook/handbook
      • Testing the IR framework
      • Summary
      • Questions
      • Further reading
    • Chapter 2: Managing Cyber Incidents
      • Engaging the incident response team
      • SOAR
      • Incorporating crisis communications
      • Incorporating containment strategies
      • Getting back to normal – eradication, recovery, and post-incident activity
      • Summary
      • Questions
      • Further reading
    • Chapter 3: Fundamentals of Digital Forensics
      • An overview of forensic science
      • Locard’s exchange principle
      • Legal issues in digital forensics
      • Forensic procedures in incident response
      • Summary
      • Questions
      • Further reading
    • Chapter 4: Investigation Methodology
      • An intrusion analysis case study: The Cuckoo’s Egg
      • Types of incident investigation analysis
      • Functional digital forensic investigation methodology
      • The cyber kill chain
      • The diamond model of intrusion analysis
      • Summary
      • Questions
  • Part 2: Evidence Acquisition
    • Chapter 5: Collecting Network Evidence
      • An overview of network evidence
      • Firewalls and proxy logs
      • NetFlow
      • Packet capture
      • Wireshark
      • Evidence collection
      • Summary
      • Questions
      • Further reading
    • Chapter 6: Acquiring Host-Based Evidence
      • Preparation
      • Order of volatility
      • Evidence acquisition
      • Acquiring volatile memory
      • Acquiring non-volatile evidence
      • Summary
      • Questions
      • Further reading
    • Chapter 7: Remote Evidence Collection
      • Enterprise incident response challenges
      • Endpoint detection and response
      • Velociraptor overview and deployment
      • Velociraptor scenarios
      • Summary
      • Questions
    • Chapter 8: Forensic Imaging
      • Understanding forensic imaging
      • Tools for imaging
      • Preparing a staging drive
      • Using write blockers
      • Imaging techniques
      • Summary
      • Questions
      • Further reading
  • Part 3: Evidence Analysis
    • Chapter 9: Analyzing Network Evidence
      • Network evidence overview
      • Analyzing firewall and proxy logs
      • Analyzing NetFlow
      • Analyzing packet captures
      • Summary
      • Questions
      • Further reading
    • Chapter 10: Analyzing System Memory
      • Memory analysis overview
      • Memory analysis methodology
      • Memory analysis tools
      • Memory analysis with Strings
      • Summary
      • Questions
      • Further reading
    • Chapter 11: Analyzing System Storage
      • Forensic platforms
      • Autopsy
      • Master File Table analysis
      • Prefetch analysis
      • Registry analysis
      • Summary
      • Questions
      • Further reading
    • Chapter 12: Analyzing Log Files
      • Logs and log management
      • Working with SIEMs
      • Windows Logs
      • Analyzing Windows Event Logs
      • Summary
      • Questions
      • Further reading
    • Chapter 13: Writing the Incident Report
      • Documentation overview
      • Executive summary
      • Incident investigation report
      • Forensic report
      • Preparing the incident and forensic report
      • Summary
      • Questions
      • Further reading
  • Part 4: Ransomware Incident Response
    • Chapter 14: Ransomware Preparation and Response
      • History of ransomware
      • Conti ransomware case study
      • Proper ransomware preparation
      • Eradication and recovery
      • Summary
      • Questions
      • Further reading
    • Chapter 15: Ransomware Investigations
      • Ransomware initial access and execution
      • Discovering credential access and theft
      • Investigating post-exploitation frameworks
      • Command and Control
      • Investigating lateral movement techniques
      • Summary
      • Questions
      • Further reading
  • Part 5: Threat Intelligence and Hunting
    • Chapter 16: Malware Analysis for Incident Response
      • Malware analysis overview
      • Setting up a malware sandbox
      • Static analysis
      • Dynamic analysis
      • ClamAV
      • YARA
      • Summary
      • Questions
      • Further reading
    • Chapter 17: Leveraging Threat Intelligence
      • Threat intelligence overview
      • Sourcing threat intelligence
      • The MITRE ATT&CK framework
      • Working with IOCs and IOAs
      • Threat intelligence and incident response
      • Summary
      • Questions
      • Further reading
    • Chapter 18: Threat Hunting
      • Threat hunting overview
      • Crafting a hypothesis
      • Planning a hunt
      • Digital forensic techniques for threat hunting
      • EDR for threat hunting
      • Summary
      • Questions
      • Further reading
  • Appendix
  • Assessments
  • Index
  • About Packt
  • Other Books You May Enjoy