會員

Digital Forensics and Incident Response

更新時間：2021-07-02 18:50:19

開會員，本書免費讀 >

ThisbookistargetedatInformationSecurityprofessionals,forensicspractitioners,andstudentswithknowledgeandexperienceintheuseofsoftwareapplicationsandbasiccommand-lineexperience.Itwillalsohelpprofessionalswhoarenewtotheincidentresponse/digitalforensicsrolewithintheirorganization.

目錄(198章)

倒序

coverpage
Title Page
Credits
About the Author
About the Reviewer
www.PacktPub.com
Why subscribe?
Customer Feedback
Preface
What this book covers
What you need for this book
Who this book is for
Conventions
Reader feedback
Customer support
Downloading the color images of this book
Errata
Piracy
Questions
Incident Response
The incident response process
The role of digital forensics
The incident response framework
The incident response charter
CSIRT
CSIRT core team
Technical support personnel
Organizational support personnel
External resources
The incident response plan
Incident classification
The incident response playbook
Escalation procedures
Maintaining the incident response capability
Summary
Forensic Fundamentals
Legal aspects
Laws and regulations
Rules of evidence
Digital forensic fundamentals
A brief history
The digital forensic process
Identification
Preservation
Collection
Proper evidence handling
Chain of custody
Examination
Analysis
Presentation
Digital forensic lab
Physical security
Tools
Hardware
Software
Jump kit
Summary
Network Evidence Collection
Preparation
Network diagram
Configuration
Logs and log management
Network device evidence
Security information and event management system
Security onion
Packet capture
tcpdump
WinPcap and RawCap
Wireshark
Evidence collection
Summary
Acquiring Host-Based Evidence
Preparation
Evidence volatility
Evidence acquisition
Evidence collection procedures
Memory acquisition
Local acquisition
FTK Imager
Winpmem
Remote acquisition
Winpmem
F-Response
Virtual machines
Non-volatile data
Summary
Understanding Forensic Imaging
Overview of forensic imaging
Preparing a stage drive
Imaging
Dead imaging
Live imaging
Imaging with Linux
Summary
Network Evidence Analysis
Analyzing packet captures
Command-line tools
Wireshark
Xplico and CapAnalysis
Xplico
CapAnalysis
Analyzing network log files
DNS blacklists
SIEM
ELK Stack
Summary
Analyzing System Memory
Memory evidence overview
Memory analysis
Memory analysis methodology
SANS six-part methodology
Network connections methodology
Tools
Redline
Volatility
Installing Volatility
Identifying the image
pslist
psscan
pstree
DLLlist
Handles
svcscan
netscan and sockets
LDR modules
psxview
Dlldump
memdump
procdump
Rekall
imageinfo
pslist
Event logs
Sockets
Malfind
Summary
Analyzing System Storage
Forensic platforms
Autopsy
Installing Autopsy
Opening a case
Navigating Autopsy
Examining a Case
Web Artifacts
Email
Attached Devices
Deleted Files
Keyword Searches
Timeline Analysis
Registry analysis
Summary
Forensic Reporting
Documentation overview
What to document
Types of documentation
Sources
Audience
Incident tracking
Fast incident response
Written reports
Executive summary
Incident report
Forensic report
Summary
Malware Analysis
Malware overview
Malware analysis overview
Static analysis
Dynamic analysis
Analyzing malware
Static analysis
Pestudio
Remnux
Dynamic analysis
Process Explorer
Cuckoo sandbox
Summary
Threat Intelligence
Threat intelligence overview
Threat intelligence types
Threat intelligence methodology
Threat intelligence direction
Cyber kill chain
Diamond model
MITRE ATT&CK
Threat intelligence sources
Internally developed sources
Commercial sourcing
Open source
Threat intelligence platforms
MISP threat sharing
Using threat intelligence
Proactive threat intelligence
Reactive threat intelligence
Autopsy
Redline
Yara and Loki
Summary 更新時間：2021-07-02 18:50:19

官术网_书友最值得收藏!

Digital Forensics and Incident Response