Edition: Second
Authors: Gerard Johansen
Series:
ISBN: 9781838644086, 183864900X
Publisher:
Year of publication: 2020
Number of pages: 432
Language: English
File format: PDF (converted to PDF, EPUB or AZW3 at the user's request)
File size: 68 MB
If you need the book Digital Forensics and Incident Response: Incident Response Techniques and Procedures to Respond to Modern Cyber Threats converted to PDF, EPUB, AZW3, MOBI or DJVU, you can notify support to convert the file.
Please note that this is the original-language edition of Digital Forensics and Incident Response: Incident Response Techniques and Procedures to Respond to Modern Cyber Threats, not a Persian translation. The International Library website provides original-language books only and does not offer any book translated into or written in Persian.
Table of contents

Cover
Title Page
Copyright and Credits
About Packt
Contributors
Table of Contents
Preface

Section 1: Foundations of Incident Response and Digital Forensics

Chapter 1: Understanding Incident Response
    The incident response process
    The role of digital forensics
    The incident response framework
        The incident response charter
        CSIRT
            CSIRT core team
            Technical support personnel
            Organizational support personnel
            External resources
    The incident response plan
        Incident classification
    The incident response playbook
        Escalation procedures
    Testing the incident response framework
    Summary
    Questions
    Further reading

Chapter 2: Managing Cyber Incidents
    Engaging the incident response team
        CSIRT models
            Security Operations Center escalation
            SOC and CSIRT combined
            CSIRT fusion center
        The war room
        Communications
        Staff rotation
    Incorporating crisis communications
        Internal communications
        External communications
        Public notification
    Investigating incidents
    Incorporating containment strategies
    Getting back to normal – eradication and recovery
        Eradication strategies
        Recovery strategies
    Summary
    Questions
    Further reading

Chapter 3: Fundamentals of Digital Forensics
    Legal aspects
        Laws and regulations
        Rules of evidence
    Digital forensics fundamentals
        A brief history
        The digital forensics process
            Identification
            Preservation
            Collection
                Proper evidence handling
                Chain of custody
            Examination
            Analysis
            Presentation
    Digital forensic lab
        Physical security
        Tools
            Hardware
            Software
            Linux forensic tools
        Jump kits
    Summary
    Questions
    Further reading

Section 2: Evidence Acquisition

Chapter 4: Collecting Network Evidence
    An overview of network evidence
    Preparation
        Network diagram
        Configuration
    Firewalls and proxy logs
        Firewalls
        Web proxy server
    NetFlow
    Packet captures
        tcpdump
        WinPcap and RawCap
        Wireshark
    Evidence collection
    Summary
    Questions
    Further reading

Chapter 5: Acquiring Host-Based Evidence
    Preparation
    Order of volatility
    Evidence acquisition
    Evidence collection procedures
        Acquiring volatile memory
            Local acquisition
                FTK Imager
                Winpmem
                RAM Capturer
            Remote acquisition
                Winpmem
                Virtual machines
        Acquiring non-volatile evidence
            CyLR.exe
            Checking for encryption
    Summary
    Questions
    Further reading

Chapter 6: Forensic Imaging
    Understanding forensic imaging
    Imaging tools
    Preparing a stage drive
    Using write blockers
    Imaging techniques
        Dead imaging
            Imaging using FTK Imager
        Live imaging
        Remote memory acquisition
            WinPmem
            F-Response
        Virtual machines
        Linux imaging
    Summary
    Questions
    Further reading

Section 3: Analyzing Evidence

Chapter 7: Analyzing Network Evidence
    Network evidence overview
    Analyzing firewall and proxy logs
        DNS blacklists
        SIEM tools
        The Elastic Stack
    Analyzing NetFlow
    Analyzing packet captures
        Command-line tools
        Moloch
        Wireshark
    Summary
    Questions
    Further reading

Chapter 8: Analyzing System Memory
    Memory analysis overview
    Memory analysis methodology
        SANS six-part methodology
        Network connections methodology
    Memory analysis tools
    Memory analysis with Redline
        Redline analysis process
        Redline process analysis
    Memory analysis with Volatility
        Installing Volatility
        Working with Volatility
        Volatility image information
        Volatility process analysis
            Process list
            Process scan
            Process tree
            DLL list
            Handles plugin
            LDR modules
            Process xview
        Volatility network analysis
            connscan
        Volatility evidence extraction
            Memory dump
            DLL file dump
            Executable dump
    Memory analysis with strings
        Installing Strings
        IP address search
        HTTP Search
    Summary
    Questions
    Further reading

Chapter 9: Analyzing System Storage
    Forensic platforms
    Autopsy
        Installing Autopsy
        Opening a case
        Navigating Autopsy
        Examining a case
            Web artifacts
            Email
            Attached devices
            Deleted files
            Keyword searches
            Timeline analysis
    MFT analysis
    Registry analysis
    Summary
    Questions
    Further reading

Chapter 10: Analyzing Log Files
    Logging and log management
    Working with event management systems
        Security Onion
        Elastic Stack
    Understanding Windows logs
    Analyzing Windows event logs
        Acquisition
        Triage
        Analysis
            Event Log Explorer
            Analyzing logs with Skadi
    Summary
    Questions
    Further reading

Chapter 11: Writing the Incident Report
    Documentation overview
        What to document
        Types of documentation
        Sources
        Audience
    Incident tracking
        Fast Incident Response
    Written reports
        Executive summary
        Incident report
        Forensic report
    Summary
    Questions
    Further reading

Section 4: Specialist Topics

Chapter 12: Malware Analysis for Incident Response
    Malware classifications
    Malware analysis overview
        Static analysis
        Dynamic analysis
    Analyzing malware
        Static analysis
            ClamAV
            PeStudio
            REMnux
            YARA
        Dynamic analysis
            Malware sandbox
            Process Explorer
            Process Spawn Control
            Cuckoo Sandbox
    Summary
    Questions
    Further reading

Chapter 13: Leveraging Threat Intelligence
    Understanding threat intelligence
        Threat intelligence types
        Pyramid of pain
    Threat intelligence methodology
        Threat intelligence direction
        Cyber kill chain
        Diamond model
    Threat intelligence sources
        Internally developed sources
        Commercial sourcing
        Open source
    Threat intelligence platforms
        MISP threat sharing
    Using threat intelligence
        Proactive threat intelligence
        Reactive threat intelligence
            Autopsy
            Adding IOCs to Redline
            Yara and Loki
    Summary
    Questions
    Further reading

Chapter 14: Hunting for Threats
    The threat hunting maturity model
    Threat hunt cycle
        Initiating event
        Creating a working hypothesis
        Leveraging threat intelligence
        Applying forensic techniques
        Identifying new indicators
        Enriching the existing hypothesis
    MITRE ATT&CK
    Threat hunt planning
    Threat hunt reporting
    Summary
    Questions
    Further reading

Appendix
Assessment
Other Books You May Enjoy
Index