Hands-On Incident Response Analysis

Video Description

Investigate countless aspects of incident handling and responses

About This Video

  • Identify various attacks on networks, websites, and applications
  • Prevent attacks using incident handling processes and keep your systems safe
  • Implement various Incident Handling tools

In Detail

Cyber attacks take place every minute of the day around the world. Incident response is an organized approach to addressing and managing the aftermath of a security breach or attack. Responding to an incident rapidly helps your organization minimize losses, mitigate the vulnerabilities involved, restore services and processes as quickly as possible, and reduce the risk of being attacked again in the future. Incident response prepares an organization for the unknown and is a dependable method for detecting a security incident as soon as it occurs.

In this course, you will get to know the core principles of hands-on Incident Response (IR). You will look at some major symptoms of attack, the defenses against them, and what to do when an incident happens. You will learn about the actual process of detecting incidents and how to respond to them. You will explore the workflow steps that every security professional should follow so that incidents are handled consistently, both those currently affecting you and future ones. Moving on, you will delve into some of the more common incidents that take place on your networks by looking at how to handle and respond to issues such as a DoS, a session hijack, or even malicious code. You will be able to differentiate between commodity and Advanced Persistent Threat attack groups. You will explore how to review alerts and log files, and how to recognize common character encodings and carrier files.

By the end of this course, you will be ready to take on the task of responding to events and incidents alike, and you will be able to identify the different signs that indicate you have had an incident or that one is coming your way.

Downloading the example code for this course: You can download the example code files for all Packt video courses you have purchased from your account at http://www.PacktPub.com. If you purchased this course elsewhere, you can visit http://www.PacktPub.com/support and register to have the files e-mailed directly to you.

Table of Contents

  1. Chapter 1 : Discovering Incident Response
    1. The Course Overview 00:01:30
    2. Identification, Initial Recording, and Response 00:03:33
    3. Incident Communication and Containment 00:02:38
    4. Response Strategy Formulation 00:02:20
    5. Incident Classification and Investigation 00:02:27
    6. Forensics and Eradication 00:03:07
    7. Incident Documentation 00:02:26
  2. Chapter 2 : Detecting and Preventing Attacks on the Host and Networks
    1. Section Introduction 00:01:27
    2. Denial-of-Service Attack Detection and Prevention 00:08:36
    3. Unauthorized Attack Detection and Prevention 00:12:09
    4. Inappropriate Usage Detection and Prevention 00:10:55
    5. Multiple Component Issues, Detection, and Prevention 00:05:07
  3. Chapter 3 : Building Defense for Services and Attacks on Applications
    1. Introducing the Section 00:01:23
    2. Session Hijacking Symptoms and Defense 00:05:04
    3. SQL Injection Attack Symptoms and Defense 00:05:12
    4. Cross-site Scripting Attack Symptoms and Defense 00:05:04
    5. Buffer Overflow Attack Symptoms and Defense 00:04:29
  4. Chapter 4 : Detecting and Handling Malicious Code
    1. Signs of Malware Code 00:03:20
    2. Bot and Botnets 00:03:26
    3. Rootkit in Windows 00:05:05
    4. Detection and Prevention of Malicious Code 00:03:37
  5. Chapter 5 : Implementing Forensics for Incident Response
    1. Forensics Investigation 00:02:39
    2. Capturing Data and Imaging 00:02:23
    3. FTK Imaging Software 00:06:21
    4. Memory Analysis Using Volatility 00:09:26
    5. The Autopsy Program 00:07:53
  6. Chapter 6 : Preventing Insider Threats: Detection and Handling
    1. Workflow of Insider Threats 00:03:18
    2. Detection and Response for Insider Attacks 00:02:17
    3. Insider Threats Prevention: Network Level 00:02:41
    4. Insider Threats Prevention: Access Control 00:02:47
    5. Insider Threats Prevention: Privileged Users 00:03:04
    6. Insider Threats Prevention: Backup 00:03:08