Introduction

Within the field of computer security one of the less understood, but vitally important roles is that of the incident responder. The actions taken by the incident responder usually have a dramatic effect on any ensuing investigation. It is for this reason, as well as many others, that the computer incident responder is truly a jack of all trades. The skill sets that these responders must maintain and call upon on any incident include networking, digital forensics, protocol analysis, SIEM management, IDS, Firewall, and interpersonal skills. This chapter will introduce several of these skills and detail the tools and techniques that will be utilized in order to gather network intrusion artifacts from dissimilar ...