Digital Forensics and Incident Response
This book is targeted at Information Security professionals, forensics practitioners, and students with knowledge and experience in the use of software applications and basic command-line experience. It will also help professionals who are new to the incident response/digital forensics role within their organization.
- coverpage
- Title Page
- Credits
- About the Author
- About the Reviewer
- www.PacktPub.com
- Why subscribe?
- Customer Feedback
- Preface
- What this book covers
- What you need for this book
- Who this book is for
- Conventions
- Reader feedback
- Customer support
- Downloading the color images of this book
- Errata
- Piracy
- Questions
- Incident Response
- The incident response process
- The role of digital forensics
- The incident response framework
- The incident response charter
- CSIRT
- CSIRT core team
- Technical support personnel
- Organizational support personnel
- External resources
- The incident response plan
- Incident classification
- The incident response playbook
- Escalation procedures
- Maintaining the incident response capability
- Summary
- Forensic Fundamentals
- Legal aspects
- Laws and regulations
- Rules of evidence
- Digital forensic fundamentals
- A brief history
- The digital forensic process
- Identification
- Preservation
- Collection
- Proper evidence handling
- Chain of custody
- Examination
- Analysis
- Presentation
- Digital forensic lab
- Physical security
- Tools
- Hardware
- Software
- Jump kit
- Summary
- Network Evidence Collection
- Preparation
- Network diagram
- Configuration
- Logs and log management
- Network device evidence
- Security information and event management system
- Security onion
- Packet capture
- tcpdump
- WinPcap and RawCap
- Wireshark
- Evidence collection
- Summary
- Acquiring Host-Based Evidence
- Preparation
- Evidence volatility
- Evidence acquisition
- Evidence collection procedures
- Memory acquisition
- Local acquisition
- FTK Imager
- Winpmem
- Remote acquisition
- Winpmem
- F-Response
- Virtual machines
- Non-volatile data
- Summary
- Understanding Forensic Imaging
- Overview of forensic imaging
- Preparing a stage drive
- Imaging
- Dead imaging
- Live imaging
- Imaging with Linux
- Summary
- Network Evidence Analysis
- Analyzing packet captures
- Command-line tools
- Wireshark
- Xplico and CapAnalysis
- Xplico
- CapAnalysis
- Analyzing network log files
- DNS blacklists
- SIEM
- ELK Stack
- Summary
- Analyzing System Memory
- Memory evidence overview
- Memory analysis
- Memory analysis methodology
- SANS six-part methodology
- Network connections methodology
- Tools
- Redline
- Volatility
- Installing Volatility
- Identifying the image
- pslist
- psscan
- pstree
- DLLlist
- Handles
- svcscan
- netscan and sockets
- LDR modules
- psxview
- Dlldump
- memdump
- procdump
- Rekall
- imageinfo
- pslist
- Event logs
- Sockets
- Malfind
- Summary
- Analyzing System Storage
- Forensic platforms
- Autopsy
- Installing Autopsy
- Opening a case
- Navigating Autopsy
- Examining a Case
- Web Artifacts
- Attached Devices
- Deleted Files
- Keyword Searches
- Timeline Analysis
- Registry analysis
- Summary
- Forensic Reporting
- Documentation overview
- What to document
- Types of documentation
- Sources
- Audience
- Incident tracking
- Fast incident response
- Written reports
- Executive summary
- Incident report
- Forensic report
- Summary
- Malware Analysis
- Malware overview
- Malware analysis overview
- Static analysis
- Dynamic analysis
- Analyzing malware
- Static analysis
- Pestudio
- Remnux
- Dynamic analysis
- Process Explorer
- Cuckoo sandbox
- Summary
- Threat Intelligence
- Threat intelligence overview
- Threat intelligence types
- Threat intelligence methodology
- Threat intelligence direction
- Cyber kill chain
- Diamond model
- MITRE ATT&CK
- Threat intelligence sources
- Internally developed sources
- Commercial sourcing
- Open source
- Threat intelligence platforms
- MISP threat sharing
- Using threat intelligence
- Proactive threat intelligence
- Reactive threat intelligence
- Autopsy
- Redline
- Yara and Loki
- Summary

Updated: 2021-07-02 18:50:19