Book description
Written by FBI insiders, this updated best-seller offers a look at the legal, procedural, and technical steps of incident response and computer forensics. Including new chapters on forensic analysis and remediation, and real-world case studies, this revealing book shows how to counteract and conquer today’s hack attacks.
Table of contents
- Cover
- Half Title
- Title
- Copyright
- Dedication
- About the Authors
- At a Glance
- Contents
- Foreword
- Acknowledgments
- Introduction
- Part I: Introduction
  - Real-World Incidents
  - Introduction to the Incident Response Process
  - Preparing for Incident Response
  - After Detection of an Incident
- Part II: Data Collection
  - Live Data Collection from Windows Systems
  - Live Data Collection from Unix
  - Forensic Duplication
  - Collecting Network-based Evidence
  - Evidence Handling
- Part III: Data Analysis
  - Computer System Storage Fundamentals
  - Data Analysis Techniques
    - Preparation for Forensic Analysis
    - Restoring a Forensic Duplicate
    - Preparing a Forensic Duplication for Analysis in Linux
    - Reviewing Image Files with Forensic Suites
    - Converting a Qualified Forensic Duplicate to a Forensic Duplicate
    - Recovering Deleted Files on Windows Systems
    - Recovering Unallocated Space, Free Space, and Slack Space
    - Generating File Lists
    - Preparing a Drive for String Searches
    - So What?
    - Questions
  - Investigating Windows Systems
    - Where Evidence Resides on Windows Systems
    - Conducting a Windows Investigation
      - Reviewing All Pertinent Logs
      - Performing Keyword Searches
      - Reviewing Relevant Files
      - Identifying Unauthorized User Accounts or Groups
      - Identifying Rogue Processes
      - Looking for Unusual or Hidden Files
      - Checking for Unauthorized Access Points
      - Examining Jobs Run by the Scheduler Service
      - Analyzing Trust Relationships
      - Reviewing Security Identifiers (SIDs)
      - File Auditing and Theft of Information
      - Handling the Departing Employee
    - So What?
    - Questions
  - Investigating Unix Systems
    - An Overview of the Steps in a Unix Investigation
    - Reviewing Pertinent Logs
    - Performing Keyword Searches
    - Reviewing Relevant Files
    - Identifying Unauthorized User Accounts or Groups
    - Identifying Rogue Processes
    - Checking for Unauthorized Access Points
    - Analyzing Trust Relationships
    - Detecting Trojan Loadable Kernel Modules
    - So What?
    - Questions
  - Analyzing Network Traffic
  - Investigating Hacker Tools
  - Investigating Routers
  - Writing Computer Forensic Reports
- Part IV: Appendixes
  - International Contact Information
  - About the Companion Web Site
  - Foundstone
  - Advertisement
  - About the Author
Product information
- Title: Incident Response & Computer Forensics, 2nd Ed., 2nd Edition
- Author(s):
- Release date: July 2003
- Publisher(s): McGraw-Hill
- ISBN: 9780072230376