Search icon Close icon
Search icon CANCEL
Subscription
0
Cart icon
Your Cart (0 item)
Close icon
You have no products in your basket yet
Save more on your purchases! discount-offer-chevron-icon
Savings automatically calculated. No voucher code required.
Checkout

Change country

Modal Close icon
Country selected Country selected
country flag United States
Country selected
country flag Great Britain
Country selected
country flag India
Country selected
country flag Germany
Country selected
country flag France
Country selected
country flag Canada
Country selected
country flag Russia
Country selected
country flag Spain
Country selected
country flag Brazil
Country selected
country flag Australia
Country selected
country flag Singapore
Country selected
country flag Canary Islands
Country selected
country flag Hungary
Country selected
country flag Ukraine
Country selected
country flag Luxembourg
Country selected
country flag Estonia
Country selected
country flag Lithuania
Country selected
country flag South Korea
Country selected
country flag Turkey
Country selected
country flag Switzerland
Country selected
country flag Colombia
Country selected
country flag Taiwan
Country selected
country flag Chile
Country selected
country flag Norway
Country selected
country flag Ecuador
Country selected
country flag Indonesia
Country selected
country flag New Zealand
Country selected
country flag Cyprus
Country selected
country flag Denmark
Country selected
country flag Finland
Country selected
country flag Poland
Country selected
country flag Malta
Country selected
country flag Czechia
Country selected
country flag Austria
Country selected
country flag Sweden
Country selected
country flag Italy
Country selected
country flag Egypt
Country selected
country flag Belgium
Country selected
country flag Portugal
Country selected
country flag Slovenia
Country selected
country flag Ireland
Country selected
country flag Romania
Country selected
country flag Greece
Country selected
country flag Argentina
Country selected
country flag Netherlands
Country selected
country flag Bulgaria
Country selected
country flag Latvia
Country selected
country flag South Africa
Country selected
country flag Malaysia
Country selected
country flag Japan
Country selected
country flag Slovakia
Country selected
country flag Philippines
Country selected
country flag Mexico
Country selected
country flag Thailand
Country selected
Arrow left icon
Explore Products
Best Sellers
New Releases
Books
Videos
Audiobooks
Learning Hub
Newsletter Hub
Free Learning
Arrow right icon
timer SALE ENDS IN
0 Days
:
00 Hours
:
00 Minutes
:
00 Seconds
Home > Security > Forensics > Digital Forensics and Incident Response
Digital Forensics and Incident Response
Digital Forensics and Incident Response

Digital Forensics and Incident Response: Incident response tools and techniques for effective cyber threat response , Third Edition

Arrow left icon
Profile Icon Gerard Johansen
Arrow right icon
€29.69 €32.99
eBook Dec 2022 532 pages 3rd Edition
eBook
€29.69 €32.99
Paperback
€41.99
Paperback
€41.99
Audiobook
€43.99
Subscription
Free Trial
Renews at €18.99p/m
Arrow left icon
Profile Icon Gerard Johansen
Arrow right icon
€29.69 €32.99
eBook Dec 2022 532 pages 3rd Edition
eBook
€29.69 €32.99
Paperback
€41.99
Paperback
€41.99
Audiobook
€43.99
Subscription
Free Trial
Renews at €18.99p/m
eBook
€29.69 €32.99
Paperback
€41.99
Paperback
€41.99
Audiobook
€43.99
Subscription
Free Trial
Renews at €18.99p/m

What do you get with eBook?

Product feature icon Instant access to your Digital eBook purchase
Product feature icon Download this book in EPUB and PDF formats
Product feature icon Access this title in our online reader with advanced features
Product feature icon DRM FREE - Read whenever, wherever and however you want
Product feature icon AI Assistant (beta) to help accelerate your learning
OR

Contact Details

Modal Close icon
Payment Processing...
tick Completed

Billing Address

Table of content icon View table of contents Preview book icon Preview Book

Digital Forensics and Incident Response

Join our book community on Discord

https://packt.link/SecNet

When examining the threats to today's information technology, it can seem overwhelming. From simple script kiddies using off-the-shelf code to nation-state adversary tools, it is critical to be prepared. For example, an internal employee can download a single instance of ransomware which can have a significant impact on an organization. More complex attacks such as a network exploitation attempt or targeted data breaches increase the chaos that a security incident causes. Technical personnel will have their hands full attempting to determine the systems that have been impacted and how they are being manipulated. They will also have to contend with addressing the possible loss of data through compromised systems. Adding to this chaotic situation are senior managers haranguing them for updates and an answer to the all-important questions: How did this happen and how bad is it?

...

The Incident Response Process

There is a general path that cyber security incidents follow during their lifetime. If the organization has a mature incident response capability, it will have taken measures to ensure they are prepared to address an incident at each stage of the process. Each incident starts with the first time the organization becomes aware of an event or series of events indicative of malicious activity. This detection can come in the form of a security control alert or an external party informing the organization of a potential security issue. Once alerted, the organization moves through analyzing the incident through containment measures to bring the information system back to normal operations. There is no set incident response process. One standard that is widely used is the National Institute of Standards and Technology (NIST) Incident Response process. The following diagram, taken from the NIST Special Publication 800-61, shows how the NIST process flows...

The Incident Response Framework

Responding to a data breach, ransomware attack, or other security incident should never be an ad hoc process. Undefined processes or procedures will leave an organization unable to both identify the extent of the incident and be able to stop the bleeding in sufficient time to limit damage. Further, attempting to craft plans during an incident may in fact destroy critical evidence, or worse, create more problems.

Having a solid understanding of the incident response process is just the first step to building this capability within an organization. What organizations need is a framework that puts processes to work utilizing the organization's available resources. The incident response framework describes the components of a functional incident response capability within an organization. This framework is made up of elements such as personnel, policies, and procedures. It is through these elements that an organization builds its capability...

The Incident Response Plan

With the incident response charter written and the CSIRT formed, the next step is to craft the incident response plan. The incident response plan is the document that outlines the high-level structure of an organization's response capability. This is a high-level document that serves as the foundation of the CSIRT. The major components of the incident response plan are as follows:

  • Incident response charter: The incident response plan should include the mission statement and constituency from the incident response charter. This gives the plan continuity between the inception of the incident response capability and the incident response plan.
  • Expanded services catalog: The initial incident response charter had general service categories with no real detail. The incident response plan should include specific details of what services CSIRT will be offering. For example, if forensic services are listed as part of the service...

Incident Response Playbooks

The incident response framework should also address the technical aspects of incident response. This is where playbooks and workflows come into play. A workflow is a short document that guides an analyst on using a tool or executing a technique. For example, in Chapter 13, we will be looking at incident triage. A workflow associated with incident triage is collecting an incident triage package via Velociraptor. These workflows are then combined into a playbook. Playbooks are created to give organizations a clear path through the process, but with a degree of flexibility if the incident under investigation does not fit neatly into the box.

A good indicator of which playbooks are critical is the organization's risk assessment. Examining the risk assessment for any threat rated critical or high will indicate which scenarios need to be addressed via an incident response playbook. Most organizations would identify a range of threats, such...

Testing the Incident Response Framework

So far, there have been several areas that have been addressed in terms of preparing for an incident. From an initial understanding of the process involved in incident response, we moved through the creation of an incident response plan and associated playbooks.

Once the capability has been created, it should be run through a tabletop exercise to flush out any gaps or deficiencies. This exercise should include a high-level incident scenario that involves the entire team and one of the associated playbooks. A report that details the results of the tabletop exercise and any gaps, corrections, or modifications should also be prepared and forwarded to the senior leadership. Once leadership has been informed and acknowledges that the CSIRT is ready to deploy, it is operational.

As the CSIRT becomes comfortable executing the plan under a structured scenario, they may want to try more complex testing measures. Another option...

Summary

Benjamin Franklin is quoted as saying, "By failing to prepare, you are preparing to fail." In many ways, this sentiment is quite accurate when it comes to organizations and the threat of cyber-attacks. Preparing for a cyber-attack is a critical function that must be taken as seriously as any other aspect of cyber security. Having a solid understanding of the incident response process to build on with an incident response capability can provide organizations with a measure of preparation so that in the event of an incident, they can respond. Keep in mind as we move forward that forensic techniques, threat intelligence, and reverse engineering are there to assist an organization in getting to the end, that is, back up and running.

This chapter explored some of the preparation that goes into building an incident response capability. Selecting a team, creating a plan, and building the playbooks and escalation procedures allow a CSIRT to effectively address...

Questions

  1. A tabletop exercise should be conducted after changes are made to the incident response plan and/or playbooks.
    • A) True
    • B) False
  2. Which of the following roles would not be a member of the CSIRT core team?
    • A) Incident coordinator
    • B) CSIRT analyst
    • C) Legal
  3. It is not important to have technical resources available as part of the incident response framework to aid during an incident.
    • A) True
    • B) False
  4. The risk assessment is a valid data source for identifying high-risk incidents for playbook creation.
    • A) True
    • B) False

Answers

  1. A
  2. C
  3. B
  4. A

Further Reading

Left arrow icon

Page 1 of 9

Right arrow icon

Key benefits

  • Create a solid incident response framework and manage cyber incidents effectively
  • Learn to apply digital forensics tools and techniques to investigate cyber threats
  • Explore the real-world threat of ransomware and apply proper incident response techniques for investigation and recovery

Description

An understanding of how digital forensics integrates with the overall response to cybersecurity incidents is key to securing your organization’s infrastructure from attacks. This updated third edition will help you perform cutting-edge digital forensic activities and incident response with a new focus on responding to ransomware attacks. After covering the fundamentals of incident response that are critical to any information security team, you’ll explore incident response frameworks. From understanding their importance to creating a swift and effective response to security incidents, the book will guide you using examples. Later, you’ll cover digital forensic techniques, from acquiring evidence and examining volatile memory through to hard drive examination and network-based evidence. You’ll be able to apply these techniques to the current threat of ransomware. As you progress, you’ll discover the role that threat intelligence plays in the incident response process. You’ll also learn how to prepare an incident response report that documents the findings of your analysis. Finally, in addition to various incident response activities, the book will address malware analysis and demonstrate how you can proactively use your digital forensic skills in threat hunting. By the end of this book, you’ll be able to investigate and report unwanted security breaches and incidents in your organization.

Who is this book for?

This book is for cybersecurity and information security professionals who want to implement digital forensics and incident response in their organizations. You’ll also find the book helpful if you’re new to the concept of digital forensics and looking to get started with the fundamentals. A basic understanding of operating systems and some knowledge of networking fundamentals are required to get started with this book.

What you will learn

  • Create and deploy an incident response capability within your own organization
  • Perform proper evidence acquisition and handling
  • Analyze the evidence collected and determine the root cause of a security incident
  • Integrate digital forensic techniques and procedures into the overall incident response process
  • Understand different techniques for threat hunting
  • Write incident reports that document the key findings of your analysis
  • Apply incident response practices to ransomware attacks
  • Leverage cyber threat intelligence to augment digital forensics findings

Product Details

Country selected
Publication date, Length, Edition, Language, ISBN-13
Publication date : Dec 16, 2022
Length: 532 pages
Edition : 3rd
Language : English
ISBN-13 : 9781803230252
Category :
Security
Concepts :
Forensics

What do you get with eBook?

Product feature icon Instant access to your Digital eBook purchase
Product feature icon Download this book in EPUB and PDF formats
Product feature icon Access this title in our online reader with advanced features
Product feature icon DRM FREE - Read whenever, wherever and however you want
Product feature icon AI Assistant (beta) to help accelerate your learning
OR

Contact Details

Modal Close icon
Payment Processing...
tick Completed

Billing Address

Product Details

Publication date : Dec 16, 2022
Length: 532 pages
Edition : 3rd
Language : English
ISBN-13 : 9781803230252
Category :
Security
Concepts :
Forensics

Packt Subscriptions

See our plans and pricing
Modal Close icon
€18.99 billed monthly
Feature tick icon Unlimited access to Packt's library of 7,000+ practical books and videos
Feature tick icon Constantly refreshed with 50+ new titles a month
Feature tick icon Exclusive Early access to books as they're written
Feature tick icon Solve problems while you work with advanced search and reference features
Feature tick icon Offline reading on the mobile app
Feature tick icon Simple pricing, no contract
START FREE TRIAL
BUY NOW
€189.99 billed annually
Feature tick icon Unlimited access to Packt's library of 7,000+ practical books and videos
Feature tick icon Constantly refreshed with 50+ new titles a month
Feature tick icon Exclusive Early access to books as they're written
Feature tick icon Solve problems while you work with advanced search and reference features
Feature tick icon Offline reading on the mobile app
Feature tick icon Choose a DRM-free eBook or Video every month to keep
Feature tick icon PLUS own as many other DRM-free eBooks or Videos as you like for just €5 each
Feature tick icon Exclusive print discounts
START FREE TRIAL
BUY NOW
€264.99 billed in 18 months
Feature tick icon Unlimited access to Packt's library of 7,000+ practical books and videos
Feature tick icon Constantly refreshed with 50+ new titles a month
Feature tick icon Exclusive Early access to books as they're written
Feature tick icon Solve problems while you work with advanced search and reference features
Feature tick icon Offline reading on the mobile app
Feature tick icon Choose a DRM-free eBook or Video every month to keep
Feature tick icon PLUS own as many other DRM-free eBooks or Videos as you like for just €5 each
Feature tick icon Exclusive print discounts
START FREE TRIAL
BUY NOW

Table of Contents

10 Chapters
Digital Forensics and Incident Response, Fourth Edition: Incident Response tools and techniques for effective cyber threat response Chevron down icon Chevron up icon
Digital Forensics and Incident Response, Fourth Edition: Incident Response tools and techniques for effective cyber threat response
Understanding Incident Response Chevron down icon Chevron up icon
Join our book community on Discord
The Incident Response Process
The Incident Response Framework
The Incident Response Plan
Incident Response Playbooks
Testing the Incident Response Framework
Summary
Questions
Further Reading
Managing Cyber Incidents Chevron down icon Chevron up icon
Join our book community on Discord
The Incident Command Leading Procedures
Engaging the Incident Response Team
Incorporating crisis communications
Incorporating containment strategies
Getting back to normal – eradication, recovery and post incident activity
Summary
Questions
Further reading
Fundamentals of Digital Forensics Chevron down icon Chevron up icon
Join our book community on Discord
Forensic science overview
Trace evidence and digital forensics
Legal issues in digital forensics
Forensic procedures in incident response
AI in digital forensics
Summary
Questions
Further reading
Investigation Methodology Chevron down icon Chevron up icon
Join our book community on Discord
An intrusion analysis case study: The Cuckoo’s Egg
Incident investigation analysis types
Functional Digital Forensic Investigation methodology
Cyber Kill Chain
Diamond Model of Intrusion analysis
Summary
Questions
Collecting Network Evidence Chevron down icon Chevron up icon
Join our book community on Discord
Network evidence overview
Firewalls and proxy logs
NetFlow
Packet capture
Wireshark
Evidence collection
Summary
Questions
Further reading
Acquiring Host-Based Evidence Chevron down icon Chevron up icon
Join our book community on Discord
Preparation
Order of volatility
Evidence acquisition
Acquiring volatile memory
Acquiring non-volatile evidence
Summary
Questions
Further Reading
Remote Evidence Collection Chevron down icon Chevron up icon
Join our book community on Discord
Enterprise incident response challenges
Endpoint Detection and Response
Wazuh EDR
Velociraptor overview and deployment
Velociraptor scenarios
Summary
Questions
Forensic Imaging Chevron down icon Chevron up icon
Join our book community on Discord
Understanding forensic imaging
Tools for imaging
Preparing a staging drive
Using write blockers
Imaging techniques
Summary
Questions
Further reading
Analyzing Network Evidence Chevron down icon Chevron up icon
Join our book community on Discord
Network evidence overview
Analyzing firewall and proxy logs
Analyzing NetFlow
Analyzing packet captures
Summary
Questions
Further reading

Recommendations for you

Left arrow icon
CompTIA Security+: SY0-601 Certification Guide
CompTIA Security+: SY0-601 Certification Guide
Read more
Dec 2020 550 pages
Full star icon 4.9 (231)
eBook
eBook
  • eBook eBook €17.09
  • Paperback Paperback €23.99
  • Hardcover Hardcover €33.99
€17.09 €18.99
€23.99
€33.99
Bash Shell Scripting for Pentesters
Bash Shell Scripting for Pentesters
Read more
Dec 2024 402 pages
Full star icon 5 (1)
eBook
eBook
  • eBook eBook €24.29
  • Paperback Paperback €33.99
€24.29 €26.99
€33.99
The Ultimate Kali Linux Book
The Ultimate Kali Linux Book
Read more
Apr 2024 828 pages
Full star icon 4.8 (31)
eBook
eBook
  • eBook eBook €29.69
  • Paperback Paperback €41.99
€29.69 €32.99
€41.99
Microsoft Defender for Identity in Depth
Microsoft Defender for Identity in Depth
Read more
Dec 2024 380 pages
eBook
eBook
  • eBook eBook €24.29
  • Paperback Paperback €33.99
€24.29 €26.99
€33.99
CompTIA Security+ SY0-701 Practice Tests
CompTIA Security+ SY0-701 Practice Tests
Read more
Dec 2024 260 pages
Paperback
Paperback
  • Paperback Paperback €18.99
€18.99
Mastering Linux Security and Hardening
Mastering Linux Security and Hardening
Read more
Feb 2023 620 pages
Full star icon 4.6 (33)
eBook
eBook
  • eBook eBook €26.99
  • Paperback Paperback €37.99
  • Hardcover Hardcover €52.99
€26.99 €29.99
€37.99
€52.99
Malware Development for Ethical Hackers
Malware Development for Ethical Hackers
Read more
Jun 2024 402 pages
Full star icon 4.3 (9)
eBook
eBook
  • eBook eBook €29.69
  • Paperback Paperback €41.99
€29.69 €32.99
€41.99
Mastering Microsoft Intune
Mastering Microsoft Intune
Read more
Mar 2024 822 pages
Full star icon 4.6 (25)
eBook
eBook
  • eBook eBook €29.69
  • Paperback Paperback €41.99
€29.69 €32.99
€41.99
Adversarial AI Attacks, Mitigations, and Defense Strategies
Adversarial AI Attacks, Mitigations, and Defense Strategies
Read more
Jul 2024 602 pages
Full star icon 4.9 (13)
eBook
eBook
  • eBook eBook €26.99
  • Paperback Paperback €37.99
€26.99 €29.99
€37.99
CISA – Certified Information Systems Auditor Study Guide
CISA – Certified Information Systems Auditor Study Guide
Read more
Oct 2024 356 pages
Full star icon 3.7 (3)
eBook
eBook
  • eBook eBook €26.99
  • Paperback Paperback €37.99
€26.99 €29.99
€37.99
Right arrow icon

About the author

Profile icon Gerard Johansen
Gerard Johansen
LinkedIn icon
Gerard Johansen is an incident response professional with over 15 years' experience in areas like penetration testing, vulnerability management, threat assessment modeling, and incident response. Beginning his information security career as a cyber crime investigator, he has built on that experience while working as a consultant and security analyst for clients and organizations ranging from healthcare to finance. Gerard is a graduate of Norwich University's Master of Science in Information Assurance program and a certified information systems security professional. He is currently employed as a senior incident response consultant with a large technology company, focusing on incident detection, response, and threat intelligence integration.
Read more
See other products by Gerard Johansen
Get free access to Packt library with over 7500+ books and video courses for 7 days!
Start Free Trial

FAQs

How do I buy and download an eBook? Chevron down icon Chevron up icon

Where there is an eBook version of a title available, you can buy it from the book details for that title. Add either the standalone eBook or the eBook and print book bundle to your shopping cart. Your eBook will show in your cart as a product on its own. After completing checkout and payment in the normal way, you will receive your receipt on the screen containing a link to a personalised PDF download file. This link will remain active for 30 days. You can download backup copies of the file by logging in to your account at any time.

If you already have Adobe reader installed, then clicking on the link will download and open the PDF file directly. If you don't, then save the PDF file on your machine and download the Reader to view it.

Please Note: Packt eBooks are non-returnable and non-refundable.

Packt eBook and Licensing When you buy an eBook from Packt Publishing, completing your purchase means you accept the terms of our licence agreement. Please read the full text of the agreement. In it we have tried to balance the need for the ebook to be usable for you the reader with our needs to protect the rights of us as Publishers and of our authors. In summary, the agreement says:

  • You may make copies of your eBook for your own use onto any machine
  • You may not pass copies of the eBook on to anyone else
How can I make a purchase on your website? Chevron down icon Chevron up icon

If you want to purchase a video course, eBook or Bundle (Print+eBook) please follow below steps:

  1. Register on our website using your email address and the password.
  2. Search for the title by name or ISBN using the search option.
  3. Select the title you want to purchase.
  4. Choose the format you wish to purchase the title in; if you order the Print Book, you get a free eBook copy of the same title. 
  5. Proceed with the checkout process (payment to be made using Credit Card, Debit Cart, or PayPal)
Where can I access support around an eBook? Chevron down icon Chevron up icon
  • If you experience a problem with using or installing Adobe Reader, the contact Adobe directly.
  • To view the errata for the book, see www.packtpub.com/support and view the pages for the title you have.
  • To view your account details or to download a new copy of the book go to www.packtpub.com/account
  • To contact us directly if a problem is not resolved, use www.packtpub.com/contact-us
What eBook formats do Packt support? Chevron down icon Chevron up icon

Our eBooks are currently available in a variety of formats such as PDF and ePubs. In the future, this may well change with trends and development in technology, but please note that our PDFs are not Adobe eBook Reader format, which has greater restrictions on security.

You will need to use Adobe Reader v9 or later in order to read Packt's PDF eBooks.

What are the benefits of eBooks? Chevron down icon Chevron up icon
  • You can get the information you need immediately
  • You can easily take them with you on a laptop
  • You can download them an unlimited number of times
  • You can print them out
  • They are copy-paste enabled
  • They are searchable
  • There is no password protection
  • They are lower price than print
  • They save resources and space
What is an eBook? Chevron down icon Chevron up icon

Packt eBooks are a complete electronic version of the print edition, available in PDF and ePub formats. Every piece of content down to the page numbering is the same. Because we save the costs of printing and shipping the book to you, we are able to offer eBooks at a lower cost than print editions.

When you have purchased an eBook, simply login to your account and click on the link in Your Download Area. We recommend you saving the file to your hard drive before opening it.

For optimal viewing of our eBooks, we recommend you download and install the free Adobe Reader version 9.

Modal Close icon
Modal Close icon