Digital Forensics and Incident Response by Gerard Johansen

Key FeaturesLearn incident response fundamentals and create an effective incident response frameworkMaster forensics investigation utilizing digital investigative techniquesContains real-life scenarios that effectively use threat intelligence and modeling techniquesBook DescriptionDigital Forensics and Incident Response will guide you through the entire spectrum of tasks associated with incident response, starting with preparatory activities associated with creating an incident response plan and creating a digital forensics capability within your own organization. You will then begin a detailed examination of digital forensic techniques including acquiring evidence, examining volatile memory, hard drive assessment, and network-based evidence. You will also explore the role that threat intelligence plays in the incident response process. Finally, a detailed section on preparing reports will help you prepare a written report for use either internally or in a courtroom.By the end of the book, you will have mastered forensic techniques and incident response and you will have a solid foundation on which to increase your ability to investigate such incidents in your organization.What you will learnCreate and deploy incident response capabilities within your organizationBuild a solid foundation for acquiring and handling suitable evidence for later analysisAnalyze collected evidence and determine the root cause of a security incidentLearn to integrate digital forensic techniques and procedures into the overall incident response processIntegrate threat intelligence in digital evidence analysisPrepare written documentation for use internally or with external parties such as regulators or law enforcement agenciesAbout the AuthorGerard Johansen is an information security professional with over a decade of experience in such areas as penetration testing, vulnerability management, threat assessment modeling, and incident response. Beginning his information security career while a cybercrime investigator, Gerard has built on that experience while working as a consultant and security analyst for clients and organizations ranging from healthcare to finance. Gerard is a graduate of Norwich Universitys Masters of Science in Information Assurance and a Certified Information Systems Security Professional. Gerard is currently employed as an Enterprise Security Manager with a large retailer with a focus on incident detection, response and threat intelligence integration. He has also contributed to several online publications focused on various aspects of penetration testing.Table of ContentsIncident ResponseForensic FundamentalsNetwork Evidence CollectionHost-Based EvidenceUnderstanding Forensic ImagingNetwork Evidence AnalysisAnalyzing System Memory Analyzing System StorageForensic ReportingMalware AnalysisThreat Intelligence