Search icon CANCEL
Arrow left icon
Explore Products
Best Sellers
New Releases
Books
Videos
Audiobooks
Learning Hub
Conferences
Free Learning
Arrow right icon
Arrow up icon
GO TO TOP
Incident Response in the Age of Cloud

You're reading from   Incident Response in the Age of Cloud Techniques and best practices to effectively respond to cybersecurity incidents

Arrow left icon
Product type Paperback
Published in Feb 2021
Publisher Packt
ISBN-13 9781800569218
Length 622 pages
Edition 1st Edition
Arrow right icon
Author (1):
Arrow left icon
Dr. Erdal Ozkaya Dr. Erdal Ozkaya
Author Profile Icon Dr. Erdal Ozkaya
Dr. Erdal Ozkaya
Arrow right icon
View More author details
Toc

Table of Contents (18) Chapters Close

Preface 1. Getting Started with Incident Response 2. Incident Response – Evolution and Current Challenges FREE CHAPTER 3. How to Organize an Incident Response Team 4. Key Metrics for Incident Response 5. Methods and Tools of Incident Response Processes 6. Incident Handling 7. Incident Investigation 8. Incident Reporting 9. Incident Response on Multiple Platforms 10. Cyber Threat Intelligence Sharing 11. Incident Response in the Cloud 12. Building a Culture of Incident Readiness 13. Incident Response Best Practices 14. Incident Case Studies 15. Ask the Experts 16. Other Books You May Enjoy
17. Index

Analysis of emails

The most common phishing techniques involve emails. Thus, many investigations in phishing-related attacks are focused on the exchange of emails between attackers and victims. The IR team has to look at the email header and body to unearth key details about the attack. The email header generally contains the addresses of the sender and recipient. The sender's address is of key importance as it can reveal the technique used to deceive the recipient. In many instances, hackers use domains that closely resemble legitimate companies. For instance, an email from noreply@paypal.com and noreply@ṕaypal.com may look the same to a recipient, but in reality, they are from different domains. In other cases, the senders will spoof the email address, that is, send emails from a different address than the one reported in the header.

Besides the header, the IR team should also look closely at the email body. Many phishers include links to malicious or cloned sites...

lock icon The rest of the chapter is locked
Register for a free Packt account to unlock a world of extra content!
A free Packt account unlocks extra newsletters, articles, discounted offers, and much more. Start advancing your knowledge today.
Unlock this book and the full library FREE for 7 days
Get unlimited access to 7000+ expert-authored eBooks and videos courses covering every tech area you can think of
Renews at €18.99/month. Cancel anytime