Johansen, Gerard. Digital forensics and incident response: incident response techniques and procedures to respond to modern cyber threats / Gerard Johansen. — Second edition. — 1 online resource — <URL:http://elib.fa.ru/ebsco/2363873.pdf>.
Record created: 07.02.2020
Subjects: Digital forensic science; Computer networks — Security measures; Computer crimes — Investigation; Forensic sciences — Data processing.
Collection: EBSCO
Contents
- Cover
- Title Page
- Copyright and Credits
- About Packt
- Contributors
- Table of Contents
- Preface
- Section 1: Foundations of Incident Response and Digital Forensics
- Chapter 1: Understanding Incident Response
- The incident response process
- The role of digital forensics
- The incident response framework
- The incident response charter
- CSIRT
- CSIRT core team
- Technical support personnel
- Organizational support personnel
- External resources
- The incident response plan
- Incident classification
- The incident response playbook
- Escalation procedures
- Testing the incident response framework
- Summary
- Questions
- Further reading
- Chapter 2: Managing Cyber Incidents
- Engaging the incident response team
- CSIRT models
- Security Operations Center escalation
- SOC and CSIRT combined
- CSIRT fusion center
- The war room
- Communications
- Staff rotation
- Incorporating crisis communications
- Internal communications
- External communications
- Public notification
- Investigating incidents
- Incorporating containment strategies
- Getting back to normal – eradication and recovery
- Eradication strategies
- Recovery strategies
- Summary
- Questions
- Further reading
- Chapter 3: Fundamentals of Digital Forensics
- Legal aspects
- Laws and regulations
- Rules of evidence
- Digital forensics fundamentals
- A brief history
- The digital forensics process
- Identification
- Preservation
- Collection
- Proper evidence handling
- Chain of custody
- Examination
- Analysis
- Presentation
- Digital forensics lab
- Physical security
- Tools
- Hardware
- Software
- Linux forensic tools
- Jump kits
- Summary
- Questions
- Further reading
- Section 2: Evidence Acquisition
- Chapter 4: Collecting Network Evidence
- An overview of network evidence
- Preparation
- Network diagram
- Configuration
- Firewalls and proxy logs
- Firewalls
- Web proxy server
- NetFlow
- Packet captures
- tcpdump
- WinPcap and RawCap
- Wireshark
- Evidence collection
- Summary
- Questions
- Further reading
- Chapter 5: Acquiring Host-Based Evidence
- Preparation
- Order of Volatility
- Evidence acquisition
- Evidence collection procedures
- Acquiring volatile memory
- Local acquisition
- FTK Imager
- WinPmem
- RAM Capturer
- Remote acquisition
- WinPmem
- Virtual machines
- Local acquisition
- Acquiring non-volatile evidence
- CyLR.exe
- Checking for encryption
- Summary
- Questions
- Further reading
- Chapter 6: Forensic Imaging
- Understanding forensic imaging
- Imaging tools
- Preparing a stage drive
- Using write blockers
- Imaging techniques
- Dead imaging
- Imaging using FTK Imager
- Live imaging
- Remote memory acquisition
- WinPmem
- F-Response
- Virtual machines
- Linux imaging
- Dead imaging
- Summary
- Questions
- Further reading
- Section 3: Analyzing Evidence
- Chapter 7: Analyzing Network Evidence
- Network evidence overview
- Analyzing firewall and proxy logs
- DNS blacklists
- SIEM tools
- The Elastic Stack
- Analyzing NetFlow
- Analyzing packet captures
- Command-line tools
- Moloch
- Wireshark
- Summary
- Questions
- Further reading
- Chapter 8: Analyzing System Memory
- Memory analysis overview
- Memory analysis methodology
- SANS six-part methodology
- Network connections methodology
- Memory analysis tools
- Memory analysis with Redline
- Redline analysis process
- Redline process analysis
- Memory analysis with Volatility
- Installing Volatility
- Working with Volatility
- Volatility image information
- Volatility process analysis
- Process list
- Process scan
- Process tree
- DLL list
- The handles plugin
- LDR modules
- Process xview
- Volatility network analysis
- connscan
- Volatility evidence extraction
- Memory dump
- DLL file dump
- Executable dump
- Memory analysis with strings
- Installing Strings
- IP address search
- HTTP search
- Summary
- Questions
- Further reading
- Chapter 9: Analyzing System Storage
- Forensic platforms
- Autopsy
- Installing Autopsy
- Opening a case
- Navigating Autopsy
- Examining a case
- Web artifacts
- Attached devices
- Deleted files
- Keyword searches
- Timeline analysis
- MFT analysis
- Registry analysis
- Summary
- Questions
- Further reading
- Chapter 10: Analyzing Log Files
- Logging and log management
- Working with event management systems
- Security Onion
- The Elastic Stack
- Understanding Windows logs
- Analyzing Windows event logs
- Acquisition
- Triage
- Analysis
- Event Log Explorer
- Analyzing logs with Skadi
- Summary
- Questions
- Further reading
- Chapter 11: Writing the Incident Report
- Documentation overview
- What to document
- Types of documentation
- Sources
- Audience
- Incident tracking
- Fast Incident Response
- Written reports
- Executive summary
- Incident report
- Forensic report
- Summary
- Questions
- Further reading
- Section 4: Specialist Topics
- Chapter 12: Malware Analysis for Incident Response
- Malware classifications
- Malware analysis overview
- Static analysis
- Dynamic analysis
- Analyzing malware
- Static analysis
- ClamAV
- PeStudio
- REMnux
- YARA
- Dynamic analysis
- Malware sandbox
- Process Explorer
- Process Spawn Control
- Cuckoo Sandbox
- Summary
- Questions
- Further reading
- Chapter 13: Leveraging Threat Intelligence
- Understanding threat intelligence
- Threat intelligence types
- Pyramid of pain
- Threat intelligence methodology
- Threat intelligence direction
- Cyber kill chain
- Diamond model
- Threat intelligence sources
- Internally developed sources
- Commercial sourcing
- Open source
- Threat intelligence platforms
- MISP threat sharing
- Using threat intelligence
- Proactive threat intelligence
- Reactive threat intelligence
- Autopsy
- Adding IOCs to Redline
- Yara and Loki
- Summary
- Questions
- Further reading
- Chapter 14: Hunting for Threats
- The threat hunting maturity model
- Threat hunt cycle
- Initiating event
- Creating a working hypothesis
- Leveraging threat intelligence
- Applying forensic techniques
- Identifying new indicators
- Enriching the existing hypothesis
- MITRE ATT&CK
- Threat hunt planning
- Threat hunt reporting
- Summary
- Questions
- Further reading
- Appendix
- Assessment
- Other Books You May Enjoy
- Index