Chapter 3

Incident Response

Introduction

Within the field of computer security, one of the less understood but vitally important roles is that of the incident responder. The actions taken by the incident responder usually have a dramatic effect on any ensuing investigation. It is for this reason, as well as many others, that the computer incident responder is truly a jack of all trades. The skill sets that these responders must maintain and call upon during any incident include networking, digital forensics, protocol analysis, SIEM management, IDS, firewall, and interpersonal skills. This chapter will introduce several of these skills and detail the tools and techniques that will be utilized in order to gather network intrusion artifacts from dissimilar ...
