Book description
Investigating the Cyber Breach
The Digital Forensics Guide for the Network Engineer
- Understand the realities of cybercrime and today’s attacks
- Build a digital forensics lab to test tools and methods, and gain expertise
- Take the right actions as soon as you discover a breach
- Determine the full scope of an investigation and the role you’ll play
- Properly collect, document, and preserve evidence and data
- Collect and analyze data from PCs, Macs, IoT devices, and other endpoints
- Use packet logs, NetFlow, and scanning to build timelines, understand network activity, and collect evidence
- Analyze iOS and Android devices, and understand encryption-related obstacles to investigation
- Investigate and trace email, and identify fraud or abuse
- Use social media to investigate individuals or online identities
- Gather, extract, and analyze breach data with Cisco tools and techniques
- Walk through common breaches and responses from start to finish
- Choose the right tool for each task, and explore alternatives that might also be helpful
The professional’s go-to digital forensics resource for countering attacks right now
Today, cybersecurity and networking professionals know they can’t possibly prevent every breach, but they can substantially reduce risk by quickly identifying and blocking breaches as they occur. Investigating the Cyber Breach: The Digital Forensics Guide for the Network Engineer is the first comprehensive guide to doing just that.
Writing for working professionals, senior cybersecurity experts Joseph Muniz and Aamir Lakhani present up-to-the-minute techniques for hunting attackers, following their movements within networks, halting exfiltration of data and intellectual property, and collecting evidence for investigation and prosecution. You’ll learn how to make the most of today’s best open source and Cisco tools for cloning, data analytics, network and endpoint breach detection, case management, monitoring, analysis, and more.
Unlike digital forensics books focused primarily on post-attack evidence gathering, this one offers complete coverage of tracking threats, improving intelligence, rooting out dormant malware, and responding effectively to breaches underway right now.
This book is part of the Networking Technology: Security Series from Cisco Press®, which offers networking professionals valuable information for constructing efficient networks, understanding new technologies, and building successful careers.
Table of contents
- Cover Page
- Title Page
- Copyright Page
- About This E-Book
- About the Author
- About the Technical Reviewers
- Dedication
- Acknowledgments
- Reader Services
- Command Syntax Conventions
- Introduction
- Who Should Read This Book?
- How This Book Is Organized
- Chapter 1 Digital Forensics
- Chapter 2 Cybercrime and Defenses
- Chapter 3 Building a Digital Forensics Lab
- Chapter 4 Responding to a Breach
  - Why Organizations Fail at Incident Response
  - Preparing for a Cyber Incident
  - Defining Incident Response
  - Incident Response Plan
  - Assembling Your Incident Response Team
  - Responding to an Incident
  - Assessing Incident Severity
  - Following Notification Procedures
  - Employing Post-Incident Actions and Procedures
  - Identifying Software Used to Assist in Responding to a Breach
  - Summary
  - References
- Chapter 5 Investigations
- Chapter 6 Collecting and Preserving Evidence
- Chapter 7 Endpoint Forensics
- Chapter 8 Network Forensics
- Chapter 9 Mobile Forensics
- Chapter 10 Email and Social Media
- Chapter 11 Cisco Forensic Capabilities
  - Cisco Security Architecture
  - Cisco Open Source
  - Cisco Firepower
  - Cisco Advanced Malware Protection (AMP)
  - Cisco Threat Grid
  - Cisco Web Security Appliance
  - Cisco CTA
  - Meraki
  - Email Security Appliance
  - Cisco Identity Services Engine
  - Cisco Stealthwatch
  - Cisco Tetration
  - Cisco Umbrella
  - Cisco Cloudlock
  - Cisco Network Technology
  - Summary
  - Reference
- Chapter 12 Forensic Case Studies
- Chapter 13 Forensic Tools
  - Tools
    - Slowloris DDOS Tool: Chapter 2
    - Low Orbit Ion Cannon
    - VMware Fusion: Chapter 3
    - VirtualBox: Chapter 3
    - Metasploit: Chapter 3
    - Cuckoo Sandbox: Chapter 3
    - Cisco Snort: Chapter 3
    - FTK Imager: Chapters 3, 9
    - FireEye Redline: Chapter 3
    - P2 eXplorer: Chapter 3
    - PlainSight: Chapter 3
    - Sysmon: Chapter 3
    - WebUtil: Chapter 3
    - ProDiscover Basics: Chapter 3
    - Solarwinds Trend Analysis Module: Chapter 4
    - Splunk: Chapter 4
    - RSA Security Analytics: Chapter 4
    - IBM’s QRadar: Chapter 4
    - HawkeyeAP: Chapter 4
    - WinHex: Chapters 6, 7
    - OSForensics: Chapter 6
    - Mount Image Pro: Chapter 6
    - DumpIt: Chapter 6
    - LiME: Chapter 6
    - TrIDENT: Chapter 7
    - PEiD: Chapter 7
    - Lnkanalyser: Chapter 7
    - Windows File Analyzer: Chapter 7
    - LECmd: Chapter 7
    - SplViewer: Chapter 7
    - PhotoRec: Chapter 7
    - Windows Event Log: Chapter 7
    - Log Parser Studio: Chapter 7
    - LogRhythm: Chapter 8
  - Mobile Devices
  - Kali Linux Tools
  - Cisco Tools
    - Cisco AMP
    - Stealthwatch: Chapter 8
    - Cisco WebEx: Chapter 4
    - Snort: Chapter 11
    - ClamAV: Chapter 10
    - Razorback: Chapter 10
    - Daemonlogger: Chapter 10
    - Moflow Framework: Chapter 10
    - Firepower: Chapter 10
    - Threat Grid: Chapter 10
    - WSA: Chapter 10
    - Meraki: Chapter 10
    - Email Security: Chapter 10
    - ISE: Chapter 10
    - Cisco Tetration: Chapter 10
    - Umbrella: Chapter 10
    - Norton ConnectSafe: No Chapter
    - Cloudlock: Chapter 10
  - Forensic Software Packages
  - Useful Websites
    - Shodan: Chapter 1
    - Wayback Machine: Chapter 3
    - Robot.txt files: Chapter 2
    - Hidden Wiki: Chapter 2
    - NIST: Chapter 4
    - CVE: Chapter 4
    - Exploit-DB: Chapter 4
    - Pastebin: Chapters 4, 10
    - University of Pennsylvania Chain of Custody Form: Chapter 6
    - List of File Signatures: Chapter 9
    - Windows Registry Forensics Wiki: Chapter 7
    - Mac OS Forensics Wiki: Chapter 7
  - Miscellaneous Sites
    - Searchable FCC ID Database
    - Service Name and Transport Protocol Port Number Registry
    - NetFlow Version 9 Flow-Record Format
    - NMAP
    - Pwnable
    - Embedded Security CTF
    - CTF Learn
    - Reversing.Kr
    - Hax Tor
    - W3Challs
    - RingZer0 Team Online CTF
    - Hellbound Hackers
    - Over the Wire
    - Hack This Site
    - VulnHub
    - Application Security Challenge
    - iOS Technology Overview
  - Summary
- Tools
- Index
Product information
- Title: Investigating the Cyber Breach: The Digital Forensics Guide for the Network Engineer, First Edition
- Author(s): Joseph Muniz, Aamir Lakhani
- Release date: February 2018
- Publisher(s): Cisco Press
- ISBN: 9780134755885