Skip to content

Incident Response and Computer Forensics

ISBN-10: 007222696X

ISBN-13: 9780072226966

Edition: 2nd 2003 (Revised)

Authors: Chris Prosise, Kevin Mandia

List price: $59.00
Blue ribbon 30 day, 100% satisfaction guarantee!
Buy eBooks
what's this?
Rush Rewards U
Members Receive:
Carrot Coin icon
XP icon
You have reached 400 XP and carrot coins. That is the daily max!

Description:

This guide, with the help of insider FBI information, discusses how to respond to hacker attacks after they occur. It includes real case scenarios with insightful tips on how to respond and gives an insider's perspective on the incident reponse process.
Customers also bought

Book details

List price: $59.00
Edition: 2nd
Copyright year: 2003
Publisher: McGraw-Hill Osborne
Publication date: 7/17/2003
Binding: Paperback
Pages: 544
Size: 7.50" wide x 9.00" long x 1.25" tall
Weight: 0.396
Language: English

Foreword
Acknowledgments
Introduction
Introduction
Real-World Incidents
Factors Affecting Response
International Crime
Traditional Hacks
So What?
Introduction to the Incident Response Process
What Is a Computer Security Incident?
What Are the Goals of Incident Response?
Who Is Involved in the Incident Response Process?
Incident Response Methodology
So What?
Questions
Preparing for Incident Response
Overview of Pre-incident Preparation
Identifying Risk
Preparing Individual Hosts
Preparing a Network
Establishing Appropriate Policies and Procedures
Creating a Response Toolkit
Establishing an Incident Response Team
So What?
Questions
After Detection of an Incident
Overview of the Initial Response Phase
Establishing an Incident Notification Procedure
Recording the Details after Initial Detection
Incident Declaration
Assembling the CSIRT
Performing Traditional Investigative Steps
Conducting Interviews
Formulating a Response Strategy
So What?
Questions
Data Collection
Live Data Collection from Windows Systems
Creating a Response Toolkit
Storing Information Obtained during the Initial Response
Obtaining Volatile Data
Performing an In-Depth Live Response
Is Forensic Duplication Necessary?
So What?
Questions
Live Data Collection from Unix Systems
Creating a Response Toolkit
Storing Information Obtained During the Initial Response
Obtaining Volatile Data Prior to Forensic Duplication
Performing an In-Depth, Live Response
So What?
Questions
Forensic Duplication
Forensic Duplicates As Admissible Evidence
Forensic Duplication Tool Requirements
Creating a Forensic Duplicate of a Hard Drive
Creating a Qualified Forensic Duplicate of a Hard Drive
So What?
Questions
Collecting Network-based Evidence
What Is Network-based Evidence?
What Are the Goals of Network Monitoring?
Types of Network Monitoring
Setting Up a Network Monitoring System
Performing a Trap-and-Trace
Using tcpdump for Full-Content Monitoring
Collecting Network-based Log Files
So What?
Questions
Evidence Handling
What Is Evidence?
The Challenges of Evidence Handling
Overview of Evidence-Handling Procedures
So What?
Questions
Data Analysis
Computer System Storage Fundamentals
Hard Drives and Interfaces
Preparation of Hard Drive Media
Introduction to File Systems and Storage Layers
So What?
Questions
Data Analysis Techniques
Preparation for Forensic Analysis
Restoring a Forensic Duplicate
Preparing a Forensic Duplication for Analysis In Linux
Reviewing Image Files with Forensic Suites
Converting a Qualified Forensic Duplicate to a Forensic Duplicate
Recovering Deleted Files on Windows Systems
Recovering Unallocated Space, Free Space, and Slack Space
Generating File Lists
Preparing a Drive for String Searches
So What?
Questions
Investigating Windows Systems
Where Evidence Resides on Windows Systems
Conducting a Windows Investigation
File Auditing and Theft of Information
Handling the Departing Employee
So What?
Questions
Investigating Unix Systems
An Overview of the Steps in a Unix Investigation
Reviewing Pertinent Logs
Performing Keyword Searches
Reviewing Relevant Files
Identifying Unauthorized User Accounts or Groups
Identifying Rogue Processes
Checking for Unauthorized Access Points
Analyzing Trust Relationships
Detecting Trojan Loadable Kernel Modules
So What?
Questions
Analyzing Network Traffic
Finding Network-Based Evidence
Generating Session Data with tcptrace
Reassembling Sessions Using tcpflow
Reassembling Sessions Using Ethereal
Refining tcpdump Filters
So What?
Questions
Investigating Hacker Tools
What Are the Goals of Tool Analysis?
How Files Are Compiled
Static Analysis of a Hacker Tool
Dynamic Analysis of a Hacker Tool
So What?
Questions
Investigating Routers
Obtaining Volatile Data Prior to Powering Down
Finding the Proof
Using Routers as Response Tools
So What?
Questions
Writing Computer Forensic Reports
What Is a Computer Forensics Report?
Report Writing Guidelines
A Template for Computer Forensic Reports
So What?
Questions
Appendixes
Answers to Questions
Chapter 2
Chapter 3
Chapter 4
Chapter 5
Chapter 6
Chapter 7
Chapter 8
Chapter 9
Chapter 10
Chapter 11
Chapter 12
Chapter 13
Chapter 14
Chapter 15
Chapter 16
Chapter 17
Incident Response Forms
Index