Hands-on Incident Response and Digital Forensics

Table of contents

1. Front Cover
2. Half-Title Page
3. BCS, THE CHARTERED INSTITUTE FOR IT
4. Title Page
5. Copyright Page
6. Contents
7. List of figures
8. Author
9. Foreword
10. Acknowledgements
11. Glossary
12. Useful websites
13. Preface
14. Introduction
    1. Incident response
    2. Digital forensics
    3. Why both?
    4. Hands-on
    5. How this book fits in
15. Part 1 Incident Response
    1. 1. Understanding Information Security Incidents
       1. What is an information security incident?
       2. Types of incident
       3. Detecting security incidents
       4. Why do security incidents happen?
       5. Summary
    2. 2. Before the Incident
       1. Building the incident response playbook
       2. Testing the playbook
       3. Incident planning and compliance
       4. Forensic readiness
       5. Summary
    3. 3. The Incident Response Process
       1. Identification
       2. Containment
       3. Eradication
       4. Recovery
       5. Summary
    4. 4. Things to Avoid During Incident Response
       1. Eradication and preservation
       2. An incident from an incident
       3. The blame game
       4. It’s not over until it’s over
       5. Summary
    5. 5. After the Incident
       1. Post mortem
       2. Quantify the impact
       3. Forensics
       4. Summary
    6. 6. The Business of Incident Response
       1. Request for proposal
       2. The power of PR
       3. Mergers and acquisitions
       4. Escape the technical bubble
       5. Incident response service providers
       6. Summary
16. Part 2 Digital Forensics
    1. 7. Introducing the Digital Forensics Investigation
       1. The investigator
       2. Forensics fundamentals
       3. Arriving at an investigation
       4. Investigative process
       5. Summary
    2. 8. The Laws and Ethics of Digital Forensics
       1. Crimes without borders
       2. Laws applicable to forensics
       3. Ethical considerations
       4. Summary
    3. 9. Digital Forensics Tools
       1. Grab bag
       2. Forensic hardware
       3. Forensic software
       4. Summary
    4. 10. Evidence Acquisition Basics
       1. The hard disk drive
       2. Removable media
       3. Processing disk images
       4. File systems
       5. Operating systems
       6. Files
       7. Analysis of artefacts
       8. Summary
    5. 11. Capturing a Moving Target
       1. Incident response and digital forensics
       2. Live acquisition drivers
       3. Live acquisition technique
       4. Order of volatility
       5. Network forensics
       6. Summary
    6. 12. Memory Forensics
       1. Understanding memory devices
       2. Capturing
       3. Analysis
       4. Summary
    7. 13. Cloud Forensics
       1. Cloud computing terminology
       2. Acquisition in the cloud
       3. Container forensics
       4. Forensics in the cloud?
       5. Summary
    8. 14. Mobile Device Forensics
       1. Mobile phone terminology
       2. Seizing mobile devices
       3. Acquisition types and tools
       4. Smartphones
       5. Summary
    9. 15. Reporting and Presenting Your Findings
       1. Layout and content
       2. Audience
       3. Summary
    10. 16. The Human Elements of an Investigation
        1. Victims
        2. Perpetrators
        3. Investigators
        4. Summary
17. Index
18. Back Cover