Most ebook files are in PDF format, so you can easily read them using various software such as Foxit Reader or directly on the Google Chrome browser.
Some ebook files are released by publishers in other formats such as .azw, .mobi, .epub, .fb2, etc. You may need to install specific software, such as Calibre, to read these formats on mobile/PC.
Please read the tutorial at this link. https://ebooknice.com/page/post?id=faq
We offer FREE conversion to the popular formats you request; however, this may take some time. Therefore, right after payment, please email us, and we will try to provide the service as quickly as possible.
For some exceptional file formats or broken links (if any), please refrain from opening any disputes. Instead, email us first, and we will try to assist within a maximum of 6 hours.
EbookNice Team
Status: Available
Rating: 0.0 (0 reviews)
ISBN 10: 007222696X
ISBN 13: 9780072226966
Author: Chris Prosise, Kevin Mandia, Matt Pepe
Written by FBI insiders, this updated best-seller offers a look at the legal, procedural, and technical steps of incident response and computer forensics. Including new chapters on forensic analysis and remediation, and real-world case studies, this revealing book shows how to counteract and conquer today’s hack attacks.
PART I Introduction
CHAPTER 1 Real-World Incidents
FACTORS AFFECTING RESPONSE
INTERNATIONAL CRIME
TRADITIONAL HACKS
SO WHAT?
CHAPTER 2 Introduction to the Incident Response Process
WHAT IS A COMPUTER SECURITY INCIDENT?
WHAT ARE THE GOALS OF INCIDENT RESPONSE?
WHO IS INVOLVED IN THE INCIDENT RESPONSE PROCESS?
INCIDENT RESPONSE METHODOLOGY
SO WHAT?
QUESTIONS
CHAPTER 3 Preparing for Incident Response
OVERVIEW OF PRE-INCIDENT PREPARATION
IDENTIFYING RISK
PREPARING INDIVIDUAL HOSTS
PREPARING A NETWORK
ESTABLISHING APPROPRIATE POLICIES AND PROCEDURES
CREATING A RESPONSE TOOLKIT
ESTABLISHING AN INCIDENT RESPONSE TEAM
SO WHAT?
QUESTIONS
CHAPTER 4 After Detection of an Incident
OVERVIEW OF THE INITIAL RESPONSE PHASE
ESTABLISHING AN INCIDENT NOTIFICATION PROCEDURE
RECORDING THE DETAILS AFTER INITIAL DETECTION
INCIDENT DECLARATION
ASSEMBLING THE CSIRT
PERFORMING TRADITIONAL INVESTIGATIVE STEPS
CONDUCTING INTERVIEWS
FORMULATING A RESPONSE STRATEGY
SO WHAT?
QUESTIONS
PART II Data Collection
CHAPTER 5 Live Data Collection from Windows Systems
CREATING A RESPONSE TOOLKIT
STORING INFORMATION OBTAINED DURING THE INITIAL RESPONSE
OBTAINING VOLATILE DATA
PERFORMING AN IN-DEPTH LIVE RESPONSE
IS FORENSIC DUPLICATION NECESSARY?
SO WHAT?
QUESTIONS
CHAPTER 6 Live Data Collection from Unix Systems
CREATING A RESPONSE TOOLKIT
STORING INFORMATION OBTAINED DURING THE INITIAL RESPONSE
OBTAINING VOLATILE DATA PRIOR TO FORENSIC DUPLICATION
SO WHAT?
QUESTIONS
CHAPTER 7 Forensic Duplication
FORENSIC DUPLICATES AS ADMISSIBLE EVIDENCE
FORENSIC DUPLICATION TOOL REQUIREMENTS
CREATING A FORENSIC DUPLICATE OF A HARD DRIVE
CREATING A QUALIFIED FORENSIC DUPLICATE OF A HARD DRIVE
SO WHAT?
QUESTIONS
CHAPTER 8 Collecting Network-based Evidence
WHAT IS NETWORK-BASED EVIDENCE?
WHAT ARE THE GOALS OF NETWORK MONITORING?
TYPES OF NETWORK MONITORING
SETTING UP A NETWORK MONITORING SYSTEM
PERFORMING A TRAP-AND-TRACE
USING TCPDUMP FOR FULL-CONTENT MONITORING
COLLECTING NETWORK-BASED LOG FILES
SO WHAT?
QUESTIONS
CHAPTER 9 Evidence Handling
WHAT IS EVIDENCE?
THE CHALLENGES OF EVIDENCE HANDLING
OVERVIEW OF EVIDENCE-HANDLING PROCEDURES
SO WHAT?
QUESTIONS
PART III Data Analysis
CHAPTER 10 Computer System Storage Fundamentals
HARD DRIVES AND INTERFACES
PREPARATION OF HARD DRIVE MEDIA
INTRODUCTION TO FILE SYSTEMS AND STORAGE LAYERS
SO WHAT?
QUESTIONS
CHAPTER 11 Data Analysis Techniques
PREPARATION FOR FORENSIC ANALYSIS
RESTORING A FORENSIC DUPLICATE
PREPARING A FORENSIC DUPLICATION FOR ANALYSIS IN LINUX
REVIEWING IMAGE FILES WITH FORENSIC SUITES
CONVERTING A QUALIFIED FORENSIC DUPLICATE TO A FORENSIC DUPLICATE
RECOVERING DELETED FILES ON WINDOWS SYSTEMS
RECOVERING UNALLOCATED SPACE, FREE SPACE, AND SLACK SPACE
GENERATING FILE LISTS
PREPARING A DRIVE FOR STRING SEARCHES
SO WHAT?
QUESTIONS
CHAPTER 12 Investigating Windows Systems
WHERE EVIDENCE RESIDES ON WINDOWS SYSTEMS
CONDUCTING A WINDOWS INVESTIGATION
FILE AUDITING AND THEFT OF INFORMATION
HANDLING THE DEPARTING EMPLOYEE
SO WHAT?
QUESTIONS
CHAPTER 13 Investigating Unix Systems
AN OVERVIEW OF THE STEPS IN A UNIX INVESTIGATION
REVIEWING PERTINENT LOGS
PERFORMING KEYWORD SEARCHES
REVIEWING RELEVANT FILES
IDENTIFYING UNAUTHORIZED USER ACCOUNTS OR GROUPS
IDENTIFYING ROGUE PROCESSES
CHECKING FOR UNAUTHORIZED ACCESS POINTS
ANALYZING TRUST RELATIONSHIPS
DETECTING TROJAN LOADABLE KERNEL MODULES
SO WHAT?
QUESTIONS
CHAPTER 14 Analyzing Network Traffic
FINDING NETWORK-BASED EVIDENCE
GENERATING SESSION DATA WITH TCPTRACE
REASSEMBLING SESSIONS USING TCPFLOW
REASSEMBLING SESSIONS USING ETHEREAL
REFINING TCPDUMP FILTERS
SO WHAT?
QUESTIONS
CHAPTER 15 Investigating Hacker Tools
WHAT ARE THE GOALS OF TOOL ANALYSIS?
HOW FILES ARE COMPILED
STATIC ANALYSIS OF A HACKER TOOL
DYNAMIC ANALYSIS OF A HACKER TOOL
SO WHAT?
QUESTIONS
CHAPTER 16 Investigating Routers
OBTAINING VOLATILE DATA PRIOR TO POWERING DOWN
FINDING THE PROOF
USING ROUTERS AS RESPONSE TOOLS
SO WHAT?
QUESTIONS
CHAPTER 17 Writing Computer Forensic Reports
WHAT IS A COMPUTER FORENSICS REPORT?
REPORT WRITING GUIDELINES
A TEMPLATE FOR COMPUTER FORENSIC REPORTS