وبلاگ بلیان

Digital Forensics and Incident Response: Incident response techniques and procedures to respond to modern cyber threats, 2nd Edition

معرفی کتاب «Digital Forensics and Incident Response: Incident response techniques and procedures to respond to modern cyber threats, 2nd Edition» نوشتهٔ Gerard Johansen، منتشرشده توسط نشر Packt Publishing Limited در سال 2020. این کتاب در 5 صفحه، فرمت pdf، زبان انگلیسی ارائه شده است.

Build your organization's cyber defense system by effectively implementing digital forensics and incident management techniques Key Features Create a solid incident response framework and manage cyber incidents effectively Perform malware analysis for effective incident response Explore real-life scenarios that effectively use threat intelligence and modeling techniques Book DescriptionAn understanding of how digital forensics integrates with the overall response to cybersecurity incidents is key to securing your organization's infrastructure from attacks. This updated second edition will help you perform cutting-edge digital forensic activities and incident response. After focusing on the fundamentals of incident response that are critical to any information security team, you'll move on to exploring the incident response framework. From understanding its importance to creating a swift and effective response to security incidents, the book will guide you with the help of useful examples. You'll later get up to speed with digital forensic techniques, from acquiring evidence and examining volatile memory through to hard drive examination and network-based evidence. As you progress, you'll discover the role that threat intelligence plays in the incident response process. You'll also learn how to prepare an incident response report that documents the findings of your analysis. Finally, in addition to various incident response activities, the book will address malware analysis, and demonstrate how you can proactively use your digital forensic skills in threat hunting. By the end of this book, you'll have learned how to efficiently investigate and report unwanted security breaches and incidents in your organization.What you will learn Create and deploy an incident response capability within your own organization Perform proper evidence acquisition and handling Analyze the evidence collected and determine the root cause of a security incident Become well-versed with memory and log analysis Integrate digital forensic techniques and procedures into the overall incident response process Understand the different techniques for threat hunting Write effective incident reports that document the key findings of your analysis Who this book is for This book is for cybersecurity and information security professionals who want to implement digital forensics and incident response in their organization. You will also find the book helpful if you are new to the concept of digital forensics and are looking to get started with the fundamentals. A basic understanding of operating systems and some knowledge of networking fundamentals are required to get started with this book. ]]> Cover Title Page Copyright and Credits About Packt Contributors Table of Contents Preface Section 1: Foundations of Incident Response and Digital Forensics Chapter 1: Understanding Incident Response The incident response process The role of digital forensics The incident response framework The incident response charter CSIRT CSIRT core team Technical support personnel Organizational support personnel External resources The incident response plan Incident classification The incident response playbook Escalation procedures Testing the incident response framework Summary Questions Further reading Chapter 2: Managing Cyber Incidents Engaging the incident response team CSIRT models Security Operations Center escalation SOC and CSIRT combined CSIRT fusion center The war room Communications Staff rotation Incorporating crisis communications Internal communications External communications Public notification Investigating incidents Incorporating containment strategies Getting back to normal – eradication and recovery Eradication strategies Recovery strategies Summary Questions Further reading Chapter 3: Fundamentals of Digital Forensics Legal aspects Laws and regulations Rules of evidence Digital forensics fundamentals A brief history The digital forensics process Identification Preservation Collection Proper evidence handling Chain of custody Examination Analysis Presentation Digital forensics lab Physical security Tools Hardware Software Linux forensic tools Jump kits Summary Questions Further reading Section 2: Evidence Acquisition Chapter 4: Collecting Network Evidence An overview of network evidence Preparation Network diagram Configuration Firewalls and proxy logs Firewalls Web proxy server NetFlow Packet captures tcpdump WinPcap and RawCap Wireshark Evidence collection Summary Questions Further reading Chapter 5: Acquiring Host-Based Evidence Preparation Order of Volatility Evidence acquisition Evidence collection procedures Acquiring volatile memory Local acquisition FTK Imager WinPmem RAM Capturer Remote acquisition WinPmem Virtual machines Acquiring non-volatile evidence CyLR.exe Checking for encryption Summary Questions Further reading Chapter 6: Forensic Imaging Understanding forensic imaging Imaging tools Preparing a stage drive Using write blockers Imaging techniques Dead imaging Imaging using FTK Imager Live imaging Remote memory acquisition WinPmem F-Response Virtual machines Linux imaging Summary Questions Further reading Section 3: Analyzing Evidence Chapter 7: Analyzing Network Evidence Network evidence overview Analyzing firewall and proxy logs DNS blacklists SIEM tools The Elastic Stack Analyzing NetFlow Analyzing packet captures Command-line tools Moloch Wireshark Summary Questions Further reading Chapter 8: Analyzing System Memory Memory analysis overview Memory analysis methodology SANS six-part methodology Network connections methodology Memory analysis tools Memory analysis with Redline Redline analysis process Redline process analysis Memory analysis with Volatility Installing Volatility Working with Volatility Volatility image information Volatility process analysis Process list Process scan Process tree DLL list The handles plugin LDR modules Process xview Volatility network analysis connscan Volatility evidence extraction Memory dump DLL file dump Executable dump Memory analysis with strings Installing Strings IP address search HTTP search Summary Questions Further reading Chapter 9: Analyzing System Storage Forensic platforms Autopsy Installing Autopsy Opening a case Navigating Autopsy Examining a case Web artifacts Email Attached devices Deleted files Keyword searches Timeline analysis MFT analysis Registry analysis Summary Questions Further reading Chapter 10: Analyzing Log Files Logging and log management Working with event management systems Security Onion The Elastic Stack Understanding Windows logs Analyzing Windows event logs Acquisition Triage Analysis Event Log Explorer Analyzing logs with Skadi Summary Questions Further reading Chapter 11: Writing the Incident Report Documentation overview What to document Types of documentation Sources Audience Incident tracking Fast Incident Response Written reports Executive summary Incident report Forensic report Summary Questions Further reading Section 4: Specialist Topics Chapter 12: Malware Analysis for Incident Response Malware classifications Malware analysis overview Static analysis Dynamic analysis Analyzing malware Static analysis ClamAV PeStudio REMnux YARA Dynamic analysis Malware sandbox Process Explorer Process Spawn Control Cuckoo Sandbox Summary Questions Further reading Chapter 13: Leveraging Threat Intelligence Understanding threat intelligence Threat intelligence types Pyramid of pain Threat intelligence methodology Threat intelligence direction Cyber kill chain Diamond model Threat intelligence sources Internally developed sources Commercial sourcing Open source Threat intelligence platforms MISP threat sharing Using threat intelligence Proactive threat intelligence Reactive threat intelligence Autopsy Adding IOCs to Redline Yara and Loki Summary Questions Further reading Chapter 14: Hunting for Threats The threat hunting maturity model Threat hunt cycle Initiating event Creating a working hypothesis Leveraging threat intelligence Applying forensic techniques Identifying new indicators Enriching the existing hypothesis MITRE ATT&CK Threat hunt planning Threat hunt reporting Summary Questions Further reading Appendix Assessment Other Books You May Enjoy Index BBuild your organization's cyber defense system by effectively implementing digital forensics and incident management techniques/b h4Key Features/h4 ulliCreate a solid incident response framework and manage cyber incidents effectively /li liPerform malware analysis for effective incident response /li liExplore real-life scenarios that effectively use threat intelligence and modeling techniques/li/ul h4Book Description/h4 An understanding of how digital forensics integrates with the overall response to cybersecurity incidents is key to securing your organization's infrastructure from attacks. This updated second edition will help you perform cutting-edge digital forensic activities and incident response. After focusing on the fundamentals of incident response that are critical to any information security team, you'll move on to exploring the incident response framework. From understanding its importance to creating a swift and effective response to security incidents, the book will guide you with the help of useful examples. You'll later get up to speed with digital forensic techniques, from acquiring evidence and examining volatile memory through to hard drive examination and network-based evidence. As you progress, you'll discover the role that threat intelligence plays in the incident response process. You'll also learn how to prepare an incident response report that documents the findings of your analysis. Finally, in addition to various incident response activities, the book will address malware analysis, and demonstrate how you can proactively use your digital forensic skills in threat hunting. By the end of this book, you'll have learned how to efficiently investigate and report unwanted security breaches and incidents in your organization. h4What you will learn/h4 ulliCreate and deploy an incident response capability within your own organization /li liPerform proper evidence acquisition and handling /li liAnalyze the evidence collected and determine the root cause of a security incident /li liBecome well-versed with memory and log analysis /li liIntegrate digital forensic techniques and procedures into the overall incident response process /li liUnderstand the different techniques for threat hunting /li liWrite effective incident reports that document the key findings of your analysis/li/ul h4Who this book is for/h4 This book is for cybersecurity and information security professionals who want to implement digital forensics and incident response in their organization. You will also find the book helpful if you are new to the concept of digital forensics and are looking to get started with the fundamentals. A basic understanding of operating systems and some knowledge of networking fundamentals are required to get started with this book An understanding of how digital forensics integrates with the overall response to cybersecurity incidents is a must for all organizations. This book offers concrete and detailed guidance on how to conduct the full spectrum of incident response and digital forensic activities.
دانلود کتاب Digital Forensics and Incident Response: Incident response techniques and procedures to respond to modern cyber threats, 2nd Edition