Updated: 2021-07-02 18:50:19
coverpage
Title Page
Credits
About the Author
About the Reviewer
www.PacktPub.com
Why subscribe?
Customer Feedback
Preface
What this book covers
What you need for this book
Who this book is for
Conventions
Reader feedback
Customer support
Downloading the color images of this book
Errata
Piracy
Questions
Incident Response
The incident response process
The role of digital forensics
The incident response framework
The incident response charter
CSIRT
CSIRT core team
Technical support personnel
Organizational support personnel
External resources
The incident response plan
Incident classification
The incident response playbook
Escalation procedures
Maintaining the incident response capability
Summary
Forensic Fundamentals
Legal aspects
Laws and regulations
Rules of evidence
Digital forensic fundamentals
A brief history
The digital forensic process
Identification
Preservation
Collection
Proper evidence handling
Chain of custody
Examination
Analysis
Presentation
Digital forensic lab
Physical security
Tools
Hardware
Software
Jump kit
Network Evidence Collection
Preparation
Network diagram
Configuration
Logs and log management
Network device evidence
Security information and event management system
Security Onion
Packet capture
tcpdump
WinPcap and RawCap
Wireshark
Evidence collection
Acquiring Host-Based Evidence
Evidence volatility
Evidence acquisition
Evidence collection procedures
Memory acquisition
Local acquisition
FTK Imager
WinPmem
Remote acquisition
F-Response
Virtual machines
Non-volatile data
Understanding Forensic Imaging
Overview of forensic imaging
Preparing a stage drive
Imaging
Dead imaging
Live imaging
Imaging with Linux
Network Evidence Analysis
Analyzing packet captures
Command-line tools
Xplico and CapAnalysis
Xplico