You're reading from Digital Forensics and Incident Response Incident response tools and techniques for effective cyber threat response

Product type Paperback

Published in Dec 2022

Publisher Packt

ISBN-13 9781803238678

Length 532 pages

Edition 3rd Edition

Concepts

Forensics

Author (1):

Gerard Johansen

View More author details

Table of Contents (28) Chapters

Preface

1. Part 1: Foundations of Incident Response and Digital Forensics

2. Chapter 1: Understanding Incident Response FREE CHAPTER

3. Chapter 2: Managing Cyber Incidents

4. Chapter 3: Fundamentals of Digital Forensics

5. Chapter 4: Investigation Methodology

6. Part 2: Evidence Acquisition

7. Chapter 5: Collecting Network Evidence

8. Chapter 6: Acquiring Host-Based Evidence

9. Chapter 7: Remote Evidence Collection

10. Chapter 8: Forensic Imaging

11. Part 3: Evidence Analysis

12. Chapter 9: Analyzing Network Evidence

13. Chapter 10: Analyzing System Memory

14. Chapter 11: Analyzing System Storage

15. Chapter 12: Analyzing Log Files

16. Chapter 13: Writing the Incident Report

17. Part 4: Ransomware Incident Response

18. Chapter 14: Ransomware Preparation and Response

19. Chapter 15: Ransomware Investigations

20. Part 5: Threat Intelligence and Hunting

21. Chapter 16: Malware Analysis for Incident Response

22. Chapter 17: Leveraging Threat Intelligence

23. Chapter 18: Threat Hunting

24. Assessments

25. Index

Why subscribe?

26. Other Books You May Enjoy

Appendix

Static analysis

Static analysis involves examining the actual malware code without executing it on a system. For malware researchers, the code may be obtained from systems that are left out to be deliberately infected, or from production systems that have been impacted by the malware.

In this case, incident response analysts can obtain the code or executable through a combination of memory analysis and acquiring the actual executable while analyzing the hard drive. Static analysis often comprises several different techniques, as follows:

Fingerprinting: One of the most basic techniques is obtaining a cryptographical hash of the code. These hashes can then be compared to other known hashes to determine if the code has been seen before.
Antivirus scanning: Antivirus vendors often do not catch every virus. For example, some vendors may have analyzed the code and deployed a signature for their product. Other vendors may not have had access to the code or deployed a signature...