Edition:
Authors: Ramakrishnan, Ganesh, Haqanee, Mansoor
Series:
ISBN: 9781800564411
Publisher: Packt
Year of publication: 2024
Number of pages: 384
Language: English
File format: PDF (converted to PDF, EPUB or AZW3 at the user's request)
File size: 40 MB
If you need the file of the book Cloud Forensics Demystified: Decoding cloud investigation complexities for digital forensic professionals converted to PDF, EPUB, AZW3, MOBI or DJVU, you can notify support so that they convert the file for you.
Please note that Cloud Forensics Demystified: Decoding cloud investigation complexities for digital forensic professionals is the original-language edition and has not been translated into Persian. The International Library website offers original-language books and does not offer any books translated into or written in Persian.
Cover; Title Page; Copyright and Credits; Contributors; Table of Contents; Preface

Part 1: Cloud Fundamentals

Chapter 1: Introduction to the Cloud
Advantages and disadvantages of cloud computing; An overview of cloud services; Cloud deployment models; Cloud adoption success stories; Impact of the cloud and other technologies; Summary; Further reading

Chapter 2: Trends in Cyber and Privacy Laws and Their Impact on DFIR
The role of a breach counselor (breach coach); General legal considerations for cloud adoption; eDiscovery considerations and legal guidance; Digital forensics challenges; Legal frameworks for private data; Contractual private data; Regulated private data; Jurisdictional requirements in relation to private data; Legal implications for data retention and deletion; Responsibilities and liabilities of the cloud and their implications for incident response; Jurisdiction and cross-border data transfers; Summary; Further reading

Chapter 3: Exploring the Major Cloud Providers
Amazon Web Services (AWS); Amazon Elastic Compute Cloud (EC2); Amazon Virtual Private Cloud (VPC); Amazon Simple Storage Service (S3); AWS Identity and Access Management (IAM); Amazon Relational Database Service (RDS); Microsoft Azure; Microsoft Azure virtual machines; Microsoft Azure Virtual Network; Microsoft Azure Blob Storage; Microsoft Azure Active Directory (Azure AD); Microsoft Azure SQL Database; Google Cloud Platform (GCP); Google Compute Engine (GCE); Google Virtual Private Cloud (VPC); Google Cloud Storage (GCS); Google Cloud SQL; Other cloud service providers; Summary; Further reading

Chapter 4: DFIR Investigations – Logs in AWS
VPC flow logs; VPC basics; Sample VPC flow log; DFIR use cases for VPC flow logging; S3 access logs; Logging options; DFIR use cases for S3 monitoring; AWS CloudTrail; Creating a trail; Event data stores; Investigating CloudTrail events; DFIR use cases for CloudTrail logging; AWS CloudWatch; CloudWatch versus CloudTrail; Setting up CloudWatch logging; Querying CloudWatch logs on the AWS console; DFIR use cases for CloudWatch; Amazon GuardDuty; Amazon Detective; Summary; Further reading

Part 2: Forensic Readiness: Tools, Techniques, and Preparation for Cloud Forensics

Chapter 5: DFIR Investigations – Logs in Azure
Azure Log Analytics; Azure Virtual Networks; NSG flow logs; Azure Storage; Azure Monitor; Azure Virtual Machines log analysis; Microsoft Defender for Cloud; NSG flow logs; Microsoft Sentinel; Summary; Further reading

Chapter 6: DFIR Investigations – Logs in GCP
GCP core services; GCP IAM; GCP’s IAM roles and identities; Policy Analyzer; DFIR use cases for Policy Analyzer; GCP Logs Explorer; Overview of log buckets; DFIR use cases for using Logs Explorer; Familiarizing with Logs Explorer; VPC Flow Logs; Enabling VPC Flow Logs; Hunting VPC Flow Logs for malicious activities; Packet Mirroring; Compute Engine logs; GCP’s logging platform; GCP’s default logging; Logging Dataflow pipelines; GCP storage logs; Storage permissions; Storage object logging; Investigating GCP Cloud storage logs; Cloud Security Command Center (Cloud SCC); IAM roles; Threats and Findings dashboards; GCP Cloud Shell; Summary; Further reading

Chapter 7: Cloud Productivity Suites
Overview of Microsoft 365 and Google Workspace core services; Microsoft 365; Google Workspace; IAM in Microsoft 365 and Google Workspace; Microsoft 365; Google Workspace; Auditing and compliance features in Microsoft 365 and Google Workspace; Microsoft 365’s Security and Compliance Center (Microsoft Purview); Google Workspace Admin console and security features; Summary; Further reading

Part 3: Cloud Forensic Analysis – Responding to an Incident in the Cloud

Chapter 8: The Digital Forensics and Incident Response Process
The basics of the incident response process; Tools and techniques for digital forensic investigations; Prerequisites; Cloud host forensics; Memory forensics; Live forensic analysis and threat hunting; EDR-based threat hunting; Hunting for malware; Common persistence mechanisms; Network forensics; Basic networking concepts; Cloud network forensics – log sources and tools; Network investigation tools; Malware investigations; Setting up your malware analysis lab; Working with packed malware; Binary comparison; Traditional forensics versus cloud forensics; Summary; Further reading

Chapter 9: Common Attack Vectors and TTPs
MITRE ATT&CK framework; Forensic triage collections; Host-based forensics; Evidence of intrusion; Prefetch analysis; AmCache analysis; ShimCache analysis; Windows Event Logs; Analyzing memory dumps; Misconfigured virtual machine instances; Unnecessary ports left open; Default credentials left unchanged; Outdated or unpatched software; Publicly exposed sensitive data (or metadata); Misconfigured storage buckets; Public permissions; Exposed API keys or credentials; Improper use of IAM policies; Cloud administrator portal breach; Summary; Further reading

Chapter 10: Cloud Evidence Acquisition
Forensic acquisition of AWS instance; Step 1 – creating EC2 volume snapshots; Step 2 – acquiring OS memory images; Step 3 – creating a forensic collector instance; Step 4 – creating and attaching infected volume from snapshots; Step 5 – exporting collected images to AWS S3 for offline processing; Forensic acquisition of Microsoft Azure Instances; Step 1 – creating an Azure VM Snapshot; Step 2 – exporting an Azure VM snapshot directly; Step 3 – connecting to an Azure VM for memory imaging; Forensic acquisition of GCP instances; Step 1 – creating a snapshot of the compute engine instance; Step 2 – attaching a snapshot disk for forensic acquisition; Step 3 – connecting to the GCP compute engine instance for memory acquisition; Summary; Further reading

Chapter 11: Analyzing Compromised Containers
What are containers?; Docker versus Kubernetes; Types of containers and their use cases; Detecting and analyzing compromised containers; About the Kubernetes orchestration platform; Acquiring forensic data and container logs for analysis; Summary; Further reading

Chapter 12: Analyzing Compromised Cloud Productivity Suites
Business email compromise explained; BEC attack phases; Common types of BECs; Initial scoping and response; Remediation steps; Microsoft 365 incident response; Tooling; Analysis; Google Workspace incident response; Tooling; Analysis; Summary; Further reading

Index; Other Books You May Enjoy