How would your organisation cope with a cyber attack? Pinpoint and close vulnerabilities using effective computer forensics!
The primary purpose of computer forensics is to enable organisations to pinpoint where the malware has infected their computer systems and which files have been infected, so that they can close the vulnerability. More and more organisations have realised that they need to acquire a forensic capability to ensure they are ready to cope with an information security incident.
This pocket guide illustrates the technical complexities involved in computer forensics, and shows managers what makes the discipline relevant to their organisation. For technical staff, the book offers an invaluable insight into the key processes and procedures that are required.
Benefits to business include:
- Defend your company effectively against attacks By developing a computer forensic capability, your organisation will be better prepared to defend itself in the event of a cyber attack. Surveys of the threat landscape have indicated a significant upswing of insider activity. Forensics within the organisation can be used to identify possible insider misuse of systems or information. In addition, this pocket guide looks at how you can optimise your IT infrastructure so as to enhance the efficiency of incident analysis. This will also minimise the operational impact on your computer systems in the event that a forensic analysis is required.
- Be proactive Being proactive does not just mean making sure your organisation's IT infrastructure is one that can support forensic analysis of incidents. Forensics is now no longer merely a tool to identify what has gone wrong: it can also be used as a mechanism for alerting you to the fact that something has gone wrong. Being proactive therefore implies stepping up your organisation's ability to detect attacks. Detection of attacks is an extremely useful attribute for your organisation to have: the sooner you know about the problem, the sooner you can begin to deal with it.
- Secure evidence that will stand up in court Undertaking forensics is not a simple task. It is not always possible to understand the true consequences of insider misuse until after completion of the investigation. Once the extent of the damage becomes clear, you may want to exercise the option of taking legal action against the perpetrator. This means that it is essential for you to follow correct procedure, so as to safeguard any evidence gathered. This book explains the key steps you need to take to maintain the integrity of the investigation and preserve the evidence.
- Counter encryption Encryption is a double-edged sword. Encryption has a legitimate purpose as a tool deployed by information security professionals. However, the opportunity to conceal data has obvious attractions for the criminal, meaning that encryption is also a technique widely used by hackers. This book looks at how encryption is used to impede a forensic investigation, and examines ways of solving the problem. The most effective tactic for countering encryption is to locate the key material and crack the password that protects it, using a password cracker such as Cain & Abel.
Tools, techniques and procedures
The underground economy makes millions of pounds a year from cybercrime. Because no system or network can be completely secure, any sensible organisation will have mechanisms in place in advance to deal with the consequences of a cyber attack. Digital forensics assists companies and public sector organisations to identify how and where their computer systems have been abused.
The purpose of this pocket guide is to provide an introduction to the tools, techniques and procedures utilised within computer forensics. It is an easy to understand, introductory text, which gives an overview of the digital forensics domain, discussing procedural, technical and human-related aspects, without confiusing readers with technical jargon.
'...In view of the significance of information assets for modern organisations and the number of high profile incidents that come to the light of publicity, this Pocket Guide is an essential resource for every IT professional…'
Theo Tryfonas, Lecturer in Systems Engineering, University of Bristol
Buy this book and harness the power of computer forensics to benefit your organisation!
Table of Contents
- ABOUT THE AUTHOR
- CHAPTER 1: THE ROLE OF FORENSICS WITHIN ORGANISATIONS
- CHAPTER 2: BE PREPARED – PROACTIVE FORENSICS
- CHAPTER 3: FORENSIC ACQUISITION OF DATA
- CHAPTER 4: FORENSIC ANALYSIS OF DATA
- CHAPTER 5: ANTI-FORENSICS AND ENCRYPTION
- CHAPTER 6: EMBEDDED AND NETWORK FORENSICS
- Specialist books in Computer Forensics
- General books
- File and operating system specific books
- Network forensic books
- Software and tools
- Case management tools
- Data acquisition tools
- File carving tools
- Live analysis tools
- Password cracking tools
- Web resources
- Assistant Chief Police Officers (ACPO) Good Practice Guide for Computer-Based Electronic Evidence
- CERT – Software Engineering Institute, Carnegie Mellon University
- CSO Online – ‘The Rise of Anti-Forensics’ by Scott Berinato (June 2007)
- Digital Forensic Research Workshop (DFRWS)
- NIST Computer Forensics Reference Data Sets (CFReDS) Project
- NIST Computer Forensics Tool Testing Project
- NIST Computer Security Resource Centre
- NIST National Software Reference Library (NSRL)
- SANS Institute – Mobile Device Forensics by Andrew Martin
- US Government Accountability Office (GAO) – Public and Private Entities Face Challenges in Addressing Cyber Threats
- ITG RESOURCES
- Title: Computer Forensics: A Pocket Guide
- Release date: April 2010
- Publisher(s): IT Governance Publishing
- ISBN: 9781849281607