Chapter 5. Incident Response Tools

So far, we've covered how systems are compromised, how data can be hidden on a live system, and how systems can be configured to prevent (or at least allow the administrator to detect) incidents. In this chapter, we're going to cover the various tools that are used in incident response. These are tools that you as the administrator, first responder, incident investigator, or security consultant are going to use to collect information from systems. This chapter is going to cover just tools. Techniques, methodologies, and analysis of the information you collect will be covered in the following chapters. In this chapter, we'll cover freeware tools, tools native to Windows systems, and Perl scripts used to collect ...

Get Windows Forensics and Incident Recovery now with the O’Reilly learning platform.
