You're reading from Digital Forensics and Incident Response Incident response tools and techniques for effective cyber threat response

Product type Paperback

Published in Dec 2022

Publisher Packt

ISBN-13 9781803238678

Length 532 pages

Edition 3rd Edition

Concepts

Forensics

Author (1):

Gerard Johansen

View More author details

Table of Contents (28) Chapters

Preface

1. Part 1: Foundations of Incident Response and Digital Forensics

2. Chapter 1: Understanding Incident Response FREE CHAPTER

3. Chapter 2: Managing Cyber Incidents

4. Chapter 3: Fundamentals of Digital Forensics

5. Chapter 4: Investigation Methodology

6. Part 2: Evidence Acquisition

7. Chapter 5: Collecting Network Evidence

8. Chapter 6: Acquiring Host-Based Evidence

9. Chapter 7: Remote Evidence Collection

10. Chapter 8: Forensic Imaging

11. Part 3: Evidence Analysis

12. Chapter 9: Analyzing Network Evidence

13. Chapter 10: Analyzing System Memory

14. Chapter 11: Analyzing System Storage

15. Chapter 12: Analyzing Log Files

16. Chapter 13: Writing the Incident Report

17. Part 4: Ransomware Incident Response

18. Chapter 14: Ransomware Preparation and Response

19. Chapter 15: Ransomware Investigations

20. Part 5: Threat Intelligence and Hunting

21. Chapter 16: Malware Analysis for Incident Response

22. Chapter 17: Leveraging Threat Intelligence

23. Chapter 18: Threat Hunting

24. Assessments

25. Index

Why subscribe?

26. Other Books You May Enjoy

Appendix

Conti ransomware case study

One of the most prolific ransomware variants to hit is Conti. There are two aspects to Conti that make it stand out in terms of threat actors. The first of these aspects is that Conti is a RaaS threat actor. This type of threat actor uses an affiliate model where highly skilled recruits are found on hacking forums. From there, they are provided the tools and techniques necessary to execute the initial stage: attack and deploy ransomware. The original coders of the Conti variant are then provided a fee of anywhere between 10 to 30 percent of the ransom.

The second of these is that Conti affiliates will often exfiltrate data, along with encrypting files. This data is then held “hostage” by the affiliate for ransom. If the victim organization did not pay in time, the data would be released. Conti affiliates were even able to use a website both on the internet and on the dark web to post the data.

Before being shut down, the Conti variant...