Digital forensics and incident response: incident response techniques and procedures to respond to modern cyber threats
Saved in:

| Main author: | Johansen, Gerard |
|---|---|
| Format: | Book |
| Language: | English |
| Published: | Birmingham ; Mumbai : Packt, June 2020 |
| Edition: | second edition |
| Subjects: | Computerforensik |
| Online access: | [Table of contents (PDF)](http://bvbr.bib-bvb.de:8991/F?func=service&doc_library=BVB01&local_base=BVB01&doc_number=031831080&sequence=000001&line_number=0001&func_code=DB_RECORDS&service_type=MEDIA) |
| Description: | vii, 433 pages, illustrations, diagrams |
| ISBN: | 9781838649005 |
Internal format

MARC

| LEADER | | | 00000nam a2200000 c 4500 |
|---|---|---|---|
| 001 | | | BV046418608 |
| 003 | | | DE-604 |
| 005 | | | 20201102 |
| 007 | | | t |
| 008 | | | 200211s2020 a\|\|\| \|\|\|\| 00\|\|\| eng d |
| 020 | | | \|a 9781838649005 \|9 978-1-83864-900-5 |
| 035 | | | \|a (OCoLC)1139256488 |
| 035 | | | \|a (DE-599)BVBBV046418608 |
| 040 | | | \|a DE-604 \|b ger |
| 041 | 0 | | \|a eng |
| 049 | | | \|a DE-739 \|a DE-706 |
| 084 | | | \|a ST 277 \|0 (DE-625)143643: \|2 rvk |
| 100 | 1 | | \|a Johansen, Gerard \|e Verfasser \|0 (DE-588)1205294872 \|4 aut |
| 245 | 1 | 0 | \|a Digital forensics and incident response \|b incident response techniques and procedures to respond to modern cyber threats \|c Gerard Johansen |
| 250 | | | \|a second edition |
| 264 | | 1 | \|a Birmingham ; Mumbai \|b Packt \|c Juni 2020 |
| 300 | | | \|a vii, 433 Seiten \|b Illustrationen, Diagramme |
| 336 | | | \|b txt \|2 rdacontent |
| 337 | | | \|b n \|2 rdamedia |
| 338 | | | \|b nc \|2 rdacarrier |
| 650 | 0 | 7 | \|a Computerforensik \|0 (DE-588)4774034-6 \|2 gnd \|9 rswk-swf |
| 689 | 0 | 0 | \|a Computerforensik \|0 (DE-588)4774034-6 \|D s |
| 689 | 0 | | \|5 DE-604 |
| 856 | 4 | 2 | \|m Digitalisierung UB Passau - ADAM Catalogue Enrichment \|q application/pdf \|u http://bvbr.bib-bvb.de:8991/F?func=service&doc_library=BVB01&local_base=BVB01&doc_number=031831080&sequence=000001&line_number=0001&func_code=DB_RECORDS&service_type=MEDIA \|3 Inhaltsverzeichnis |
| 999 | | | \|a oai:aleph.bib-bvb.de:BVB01-031831080 |
Table of Contents (from the digitised table of contents; page numbers omitted)

- Preface
- Section 1: Foundations of Incident Response and Digital Forensics
  - Chapter 1: Understanding Incident Response
    - The incident response process
    - The role of digital forensics
    - The incident response framework
      - The incident response charter
      - CSIRT
        - CSIRT core team
        - Technical support personnel
        - Organizational support personnel
        - External resources
    - The incident response plan
      - Incident classification
    - The incident response playbook
      - Escalation procedures
    - Testing the incident response framework
    - Summary
    - Questions
    - Further reading
  - Chapter 2: Managing Cyber Incidents
    - Engaging the incident response team
      - CSIRT models
        - Security Operations Center escalation
        - SOC and CSIRT combined
        - CSIRT fusion center
      - The war room
      - Communications
      - Staff rotation
    - Incorporating crisis communications
      - Internal communications
      - External communications
      - Public notification
    - Investigating incidents
    - Incorporating containment strategies
    - Getting back to normal - eradication and recovery
      - Eradication strategies
      - Recovery strategies
    - Summary
    - Questions
    - Further reading
  - Chapter 3: Fundamentals of Digital Forensics
    - Legal aspects
      - Laws and regulations
      - Rules of evidence
    - Digital forensics fundamentals
      - A brief history
      - The digital forensics process
        - Identification
        - Preservation
        - Collection
          - Proper evidence handling
          - Chain of custody
        - Examination
        - Analysis
        - Presentation
    - Digital forensic lab
      - Physical security
      - Tools
        - Hardware
        - Software
        - Linux forensic tools
      - Jump kits
    - Summary
    - Questions
    - Further reading
- Section 2: Evidence Acquisition
  - Chapter 4: Collecting Network Evidence
    - An overview of network evidence
    - Preparation
      - Network diagram
      - Configuration
    - Firewalls and proxy logs
      - Firewalls
      - Web proxy server
    - NetFlow
    - Packet captures
      - tcpdump
      - WinPcap and RawCap
      - Wireshark
    - Evidence collection
    - Summary
    - Questions
    - Further reading
  - Chapter 5: Acquiring Host-Based Evidence
    - Preparation
    - Order of volatility
    - Evidence acquisition
    - Evidence collection procedures
    - Acquiring volatile memory
      - Local acquisition
        - FTK Imager
        - WinPmem
        - RAM Capturer
      - Remote acquisition
        - WinPmem
        - Virtual machines
    - Acquiring non-volatile evidence
      - CyLR.exe
      - Checking for encryption
    - Summary
    - Questions
    - Further reading
  - Chapter 6: Forensic Imaging
    - Understanding forensic imaging
    - Imaging tools
    - Preparing a stage drive
    - Using write blockers
    - Imaging techniques
      - Dead imaging
        - Imaging using FTK Imager
      - Live imaging
      - Remote memory acquisition
        - WinPmem
        - F-Response
      - Virtual machines
      - Linux imaging
    - Summary
    - Questions
    - Further reading
- Section 3: Analyzing Evidence
  - Chapter 7: Analyzing Network Evidence
    - Network evidence overview
    - Analyzing firewall and proxy logs
      - DNS blacklists
      - SIEM tools
      - The Elastic Stack
    - Analyzing NetFlow
    - Analyzing packet captures
      - Command-line tools
      - Moloch
      - Wireshark
    - Summary
    - Questions
    - Further reading
  - Chapter 8: Analyzing System Memory
    - Memory analysis overview
    - Memory analysis methodology
      - SANS six-part methodology
      - Network connections methodology
    - Memory analysis tools
    - Memory analysis with Redline
      - Redline analysis process
      - Redline process analysis
    - Memory analysis with Volatility
      - Installing Volatility
      - Working with Volatility
      - Volatility image information
      - Volatility process analysis
        - Process list
        - Process scan
        - Process tree
        - DLL list
        - Handles plugin
        - LDR modules
        - Process xview
      - Volatility network analysis
        - connscan
      - Volatility evidence extraction
        - Memory dump
        - DLL file dump
        - Executable dump
    - Memory analysis with strings
      - Installing Strings
      - IP address search
      - HTTP Search
    - Summary
    - Questions
    - Further reading
  - Chapter 9: Analyzing System Storage
    - Forensic platforms
    - Autopsy
      - Installing Autopsy
      - Opening a case
      - Navigating Autopsy
      - Examining a case
        - Web artifacts
        - Email
        - Attached devices
        - Deleted files
        - Keyword searches
        - Timeline analysis
    - MFT analysis
    - Registry analysis
    - Summary
    - Questions
    - Further reading
  - Chapter 10: Analyzing Log Files
    - Logging and log management
    - Working with event management systems
      - Security Onion
      - Elastic Stack
    - Understanding Windows logs
    - Analyzing Windows event logs
      - Acquisition
      - Triage
      - Analysis
        - Event Log Explorer
        - Analyzing logs with Skadi
    - Summary
    - Questions
    - Further reading
  - Chapter 11: Writing the Incident Report
    - Documentation overview
      - What to document
      - Types of documentation
      - Sources
      - Audience
    - Incident tracking
      - Fast Incident Response
    - Written reports
      - Executive summary
      - Incident report
      - Forensic report
    - Summary
    - Questions
    - Further reading
- Section 4: Specialist Topics
  - Chapter 12: Malware Analysis for Incident Response
    - Malware classifications
    - Malware analysis overview
      - Static analysis
      - Dynamic analysis
    - Analyzing malware
      - Static analysis
        - ClamAV
        - PeStudio
        - REMnux
        - YARA
      - Dynamic analysis
        - Malware sandbox
        - Process Explorer
        - Process Spawn Control
        - Cuckoo Sandbox
    - Summary
    - Questions
    - Further reading
  - Chapter 13: Leveraging Threat Intelligence
    - Understanding threat intelligence
      - Threat intelligence types
      - Pyramid of pain
    - Threat intelligence methodology
      - Threat intelligence direction
      - Cyber kill chain
      - Diamond model
    - Threat intelligence sources
      - Internally developed sources
      - Commercial sourcing
      - Open source
    - Threat intelligence platforms
      - MISP threat sharing
    - Using threat intelligence
      - Proactive threat intelligence
      - Reactive threat intelligence
        - Autopsy
        - Adding IOCs to Redline
        - Yara and Loki
    - Summary
    - Questions
    - Further reading
  - Chapter 14: Hunting for Threats
    - The threat hunting maturity model
    - Threat hunt cycle
      - Initiating event
      - Creating a working hypothesis
      - Leveraging threat intelligence
      - Applying forensic techniques
      - Identifying new indicators
      - Enriching the existing hypothesis
    - MITRE ATT&CK
    - Threat hunt planning
    - Threat hunt reporting
    - Summary
    - Questions
    - Further reading
- Appendix
- Assessment
- Other Books You May Enjoy
- Index