
Hands-on Incident Response and Digital Forensics

Book Description

Incident response is the method by which organisations take steps to identify and recover from an information security incident, with as little impact as possible on business as usual. Digital forensics is what follows: a scientific investigation into the causes of an incident with the aim of bringing the perpetrators to justice. These two disciplines have a close but complex relationship and require a balancing act to get right, but both are essential when an incident occurs. In this practical guide, the relationship between incident response and digital forensics is explored and you will learn how to undertake each and balance them to meet the needs of an organisation in the event of an information security incident. Best practice tips and real-life examples are included throughout.

'A great book which I could see on the shelf of any investigator or included in the book lists of digital forensic and cyber security students at university.' Dale McGleenon, UK Ministry of Defence, Cyber Forensics & Network Incident Response

'A fantastic summary of cyber incident response and digital forensics for existing practitioners and managers which covers the all-important impact on people! This is a great book to whet the appetite of those aspiring to get into the field.' Martin Heyde, Senior Manager - Cyber Incident Response, Deloitte LLP

Table of Contents

  1. Front Cover
  2. Half-Title Page
  4. Title Page
  5. Copyright Page
  6. Contents
  7. List of figures
  8. Author
  9. Foreword
  10. Acknowledgements
  11. Glossary
  12. Useful websites
  13. Preface
  14. Introduction
    1. Incident response
    2. Digital forensics
    3. Why both?
    4. Hands-on
    5. How this book fits in
  15. Part 1 Incident Response
    1. 1. Understanding Information Security Incidents
      1. What is an information security incident?
      2. Types of incident
      3. Detecting security incidents
      4. Why do security incidents happen?
      5. Summary
    2. 2. Before the Incident
      1. Building the incident response playbook
      2. Testing the playbook
      3. Incident planning and compliance
      4. Forensic readiness
      5. Summary
    3. 3. The Incident Response Process
      1. Identification
      2. Containment
      3. Eradication
      4. Recovery
      5. Summary
    4. 4. Things to Avoid During Incident Response
      1. Eradication and preservation
      2. An incident from an incident
      3. The blame game
      4. It’s not over until it’s over
      5. Summary
    5. 5. After the Incident
      1. Post mortem
      2. Quantify the impact
      3. Forensics
      4. Summary
    6. 6. The Business of Incident Response
      1. Request for proposal
      2. The power of PR
      3. Mergers and acquisitions
      4. Escape the technical bubble
      5. Incident response service providers
      6. Summary
  16. Part 2 Digital Forensics
    1. 7. Introducing the Digital Forensics Investigation
      1. The investigator
      2. Forensics fundamentals
      3. Arriving at an investigation
      4. Investigative process
      5. Summary
    2. 8. The Laws and Ethics of Digital Forensics
      1. Crimes without borders
      2. Laws applicable to forensics
      3. Ethical considerations
      4. Summary
    3. 9. Digital Forensics Tools
      1. Grab bag
      2. Forensic hardware
      3. Forensic software
      4. Summary
    4. 10. Evidence Acquisition Basics
      1. The hard disk drive
      2. Removable media
      3. Processing disk images
      4. File systems
      5. Operating systems
      6. Files
      7. Analysis of artefacts
      8. Summary
    5. 11. Capturing a Moving Target
      1. Incident response and digital forensics
      2. Live acquisition drivers
      3. Live acquisition technique
      4. Order of volatility
      5. Network forensics
      6. Summary
    6. 12. Memory Forensics
      1. Understanding memory devices
      2. Capturing
      3. Analysis
      4. Summary
    7. 13. Cloud Forensics
      1. Cloud computing terminology
      2. Acquisition in the cloud
      3. Container forensics
      4. Forensics in the cloud?
      5. Summary
    8. 14. Mobile Device Forensics
      1. Mobile phone terminology
      2. Seizing mobile devices
      3. Acquisition types and tools
      4. Smartphones
      5. Summary
    9. 15. Reporting and Presenting Your Findings
      1. Layout and content
      2. Audience
      3. Summary
    10. 16. The Human Elements of an Investigation
      1. Victims
      2. Perpetrators
      3. Investigators
      4. Summary
  17. Index
  18. Back Cover