Table of Contents
Preface
Part 1: Foundations of Incident Response and Digital Forensics
1. Understanding Incident Response
The IR process
The role of digital forensics
The IR framework
The IR charter
CSIRT team
The IR plan
Incident classification
The IR playbook/handbook
Escalation process
Testing the IR framework
Summary
Questions
Further reading
2. Managing Cyber Incidents
Engaging the incident response team
CSIRT engagement models
Investigating incidents
The CSIRT war room
Communications
Rotating staff
SOAR
Incorporating crisis communications
Internal communications
External communications
Public notification
Incorporating containment strategies
Getting back to normal – eradication, recovery, and post-incident activity
Summary
Questions
Get Digital Forensics and Incident Response - Third Edition now with the O’Reilly learning platform.