Search icon CANCEL
Subscription
0
Cart icon
Your Cart (0 item)
Close icon
You have no products in your basket yet
Arrow left icon
Explore Products
Best Sellers
New Releases
Books
Videos
Audiobooks
Learning Hub
Free Learning
Arrow right icon
Arrow up icon
GO TO TOP
Digital Forensics and Incident Response

You're reading from   Digital Forensics and Incident Response Incident response tools and techniques for effective cyber threat response

Arrow left icon
Product type Paperback
Published in Dec 2022
Publisher Packt
ISBN-13 9781803238678
Length 532 pages
Edition 3rd Edition
Concepts
Arrow right icon
Author (1):
Arrow left icon
Gerard Johansen Gerard Johansen
Author Profile Icon Gerard Johansen
Gerard Johansen
Arrow right icon
View More author details
Toc

Table of Contents (28) Chapters Close

Preface 1. Part 1: Foundations of Incident Response and Digital Forensics
2. Chapter 1: Understanding Incident Response FREE CHAPTER 3. Chapter 2: Managing Cyber Incidents 4. Chapter 3: Fundamentals of Digital Forensics 5. Chapter 4: Investigation Methodology 6. Part 2: Evidence Acquisition
7. Chapter 5: Collecting Network Evidence 8. Chapter 6: Acquiring Host-Based Evidence 9. Chapter 7: Remote Evidence Collection 10. Chapter 8: Forensic Imaging 11. Part 3: Evidence Analysis
12. Chapter 9: Analyzing Network Evidence 13. Chapter 10: Analyzing System Memory 14. Chapter 11: Analyzing System Storage 15. Chapter 12: Analyzing Log Files 16. Chapter 13: Writing the Incident Report 17. Part 4: Ransomware Incident Response
18. Chapter 14: Ransomware Preparation and Response 19. Chapter 15: Ransomware Investigations 20. Part 5: Threat Intelligence and Hunting
21. Chapter 16: Malware Analysis for Incident Response 22. Chapter 17: Leveraging Threat Intelligence 23. Chapter 18: Threat Hunting 24. Assessments 25. Index 26. Other Books You May Enjoy Appendix

To get the most out of this book

A basic understanding of the Windows operating system internals will make some core concepts such as memory analysis or process execution easier to understand. Further, you should be comfortable working in the Windows and Linux command lines. Finally, a basic understanding of network protocols will be useful in analyzing network evidence.

Software/hardware covered in the book

Wireshark

Encrypted Disk Detector 3.0.2

FTK Imager 4.7.12

Security Onion 2.3

WinPmem 2.0.1

Zeek

Belkasoft Live RAM Capturer

RITA

Kroll gkape 1.2.0.0

Network Miner 2.7.3

Velociraptor 0.6.4

Arkime 3.3.1

Eraser 6.2.0.2993

Monolith Notes

Volatility 3 Framework 2.2.0

Pestudio 9.3.7

Volatility Workbench v3.0.1003

Process Explorer

Autopsy 4.19.3

ClamAV

Event Log Explorer 5.2

Maltego 4.3.1

Skadi 2019.4

Operating system requirements

Windows 10

Ubuntu 20.04

Various tools need to be run on a Linux OS, such as Ubuntu 20.04. There are also techniques that should be conducted in a sandbox environment to limit the potential for inadvertent infection. You should have a virtualization tool such as VMWare Workstation Player or VirtualBox to use several of the covered operating systems and tools.

In some cases, tools that are covered have a commercial version. There should be no need to purchase commercial tools in following the various examples presented. It is the intent that you can take the examples and constructs into a production environment and use them in actual investigations.

lock icon The rest of the chapter is locked
Register for a free Packt account to unlock a world of extra content!
A free Packt account unlocks extra newsletters, articles, discounted offers, and much more. Start advancing your knowledge today.
Unlock this book and the full library FREE for 7 days
Get unlimited access to 7000+ expert-authored eBooks and videos courses covering every tech area you can think of
Renews at $19.99/month. Cancel anytime
Banner background image