book

Computer Incident Response and Forensics Team Management

by Leighton Johnson

November 2013

Intermediate to advanced

352 pages

8h 44m

English

Syngress

Read now

Unlock full access

Methodology #1Methodology #2Post-incident Activity
Types of Technical Skills NeededTypes of Personal Skills Needed
SIRT IR PoliciesCorporate IR Strategy and General Use Security Policies
PrivacyEthicsInvestigation Guidelines
US GovernmentCanadian GovernmentEU
PrepareIdentifyPreserveSelectExamineClassifyAnalyzePresent
Member CriteriaMember ExpertiseMember Certification
Forensics Analysis ProcessData CollectionChain of CustodyEvidence Handling and ControlEvidence “Hand-over” to External Parties, LEOHardware Specific Acquisition—SIM Cards, Cell Phone, USB Storage, etc.Data Type Acquisition—Audio Files, Video Files, Image Files, Network Files, Log FilesInvestigation ProcessExamination ProcessData ReviewResearch RequirementsForensics ReportingAnalysis of ResultsExpert Witness Process
Chain of EvidenceUS Federal Rules of Civil ProcedureUK Civil Procedure Rules
Types of Forensics ToolsTools for Specific Operating Systems and Platforms
Reasons for Legal, Statutory, and Regulatory ComplianceUS Criteria, Laws, and RegulationsEU Criteria, Laws, and Regulations
Investigator’s Code of ConductUse of Templates for Information Recording
External Considerations
Corporate Level Management ConsiderationsCorporate Needs to Support the Team ActivitiesThird-Party Support During and After Events
Basic IT Control and Security Areas of Interest
The Incident Response TeamThe Forensics TeamFinal Words
Incident Response Online Resources
USEU

Overview

Computer Incident Response and Forensics Team Management provides security professionals with a complete handbook of computer incident response from the perspective of forensics team management. This unique approach teaches readers the concepts and principles they need to conduct a successful incident response investigation, ensuring that proven policies and procedures are established and followed by all team members.

Leighton R. Johnson III describes the processes within an incident response event and shows the crucial importance of skillful forensics team management, including when and where the transition to forensics investigation should occur during an incident response event. The book also provides discussions of key incident response components.

Provides readers with a complete handbook on computer incident response from the perspective of forensics team management
Identify the key steps to completing a successful computer incident response investigation
Defines the qualities necessary to become a successful forensics investigation team member, as well as the interpersonal relationship skills necessary for successful incident response and forensics investigation teams