Showing: Investigating the Cyber Breach - The Digital Forensics Guide for the Network Engineer

Investigating the Cyber Breach, 1st edition

Investigating the Cyber Breach Vital Source e-book

Joseph Muniz and Aamir Lakhani
(2018)
Pearson International
299,00 kr. 269,10 kr.
Delivered immediately after purchase

Investigating the Cyber Breach, 1st edition

Investigating the Cyber Breach Vital Source e-book

Joseph Muniz and Aamir Lakhani
(2018)
Pearson International
362,00 kr. 325,80 kr.
Delivered immediately after purchase

Investigating the Cyber Breach, 1st edition

Investigating the Cyber Breach Vital Source e-book

Joseph Muniz and Aamir Lakhani
(2018)
Pearson International
253,00 kr. 227,70 kr.
Delivered immediately after purchase

Investigating the Cyber Breach - The Digital Forensics Guide for the Network Engineer

Investigating the Cyber Breach

The Digital Forensics Guide for the Network Engineer
Joseph Muniz and Aamir Lakhani
(2018)
Language: English
Pearson Education, Limited
514,00 kr. 462,60 kr.
Not in stock. Order now and have it delivered
in approx. 10 business days

Item details

  • 1st edition
  • Vital Source 180 day rentals (dynamic pages)
  • Publisher: Pearson International (January 2018)
  • Authors: Joseph Muniz and Aamir Lakhani
  • ISBN: 9780134755816R180

Investigating the Cyber Breach

The Digital Forensics Guide for the Network Engineer

  • Understand the realities of cybercrime and today’s attacks
  • Build a digital forensics lab to test tools and methods, and gain expertise
  • Take the right actions as soon as you discover a breach
  • Determine the full scope of an investigation and the role you’ll play
  • Properly collect, document, and preserve evidence and data
  • Collect and analyze data from PCs, Macs, IoT devices, and other endpoints
  • Use packet logs, NetFlow, and scanning to build timelines, understand network activity, and collect evidence
  • Analyze iOS and Android devices, and understand encryption-related obstacles to investigation
  • Investigate and trace email, and identify fraud or abuse
  • Use social media to investigate individuals or online identities
  • Gather, extract, and analyze breach data with Cisco tools and techniques
  • Walk through common breaches and responses from start to finish
  • Choose the right tool for each task, and explore alternatives that might also be helpful

The professional’s go-to digital forensics resource for countering attacks right now

Today, cybersecurity and networking professionals know they can’t possibly prevent every breach, but they can substantially reduce risk by quickly identifying and blocking breaches as they occur. Investigating the Cyber Breach: The Digital Forensics Guide for the Network Engineer is the first comprehensive guide to doing just that.

Writing for working professionals, senior cybersecurity experts Joseph Muniz and Aamir Lakhani present up-to-the-minute techniques for hunting attackers, following their movements within networks, halting exfiltration of data and intellectual property, and collecting evidence for investigation and prosecution. You’ll learn how to make the most of today’s best open source and Cisco tools for cloning, data analytics, network and endpoint breach detection, case management, monitoring, analysis, and more.

Unlike digital forensics books focused primarily on post-attack evidence gathering, this one offers complete coverage of tracking threats, improving intelligence, rooting out dormant malware, and responding effectively to breaches underway right now.

This book is part of the Networking Technology: Security Series from Cisco Press®, which offers networking professionals valuable information for constructing efficient networks, understanding new technologies, and building successful careers.

License duration:
Bookshelf online: 180 days from date of purchase.
Bookshelf app: 180 days from date of purchase.

The publisher states that the following restrictions apply to this product:
Print: 2 pages can be printed at a time
Copy: at most 2 pages in total can be copied (copy/paste)

Item details

  • 1st edition
  • Vital Source 365 day rentals (dynamic pages)
  • Publisher: Pearson International (January 2018)
  • Authors: Joseph Muniz and Aamir Lakhani
  • ISBN: 9780134755816R365
License duration:
Bookshelf online: 5 years from date of purchase.
Bookshelf app: 5 years from date of purchase.

The publisher states that the following restrictions apply to this product:
Print: 2 pages can be printed at a time
Copy: at most 2 pages in total can be copied (copy/paste)

Item details

  • 1st edition
  • Vital Source 90 day rentals (dynamic pages)
  • Publisher: Pearson International (January 2018)
  • Authors: Joseph Muniz and Aamir Lakhani
  • ISBN: 9780134755816R90
License duration:
Bookshelf online: 90 days from date of purchase.
Bookshelf app: 90 days from date of purchase.

The publisher states that the following restrictions apply to this product:
Print: 2 pages can be printed at a time
Copy: at most 2 pages in total can be copied (copy/paste)

Item details

  • Paperback: 464 pages
  • Publisher: Pearson Education, Limited (October 2018)
  • Authors: Joseph Muniz and Aamir Lakhani
  • ISBN: 9781587145025
Investigating the Cyber Breach

The Digital Forensics Guide for the Network Engineer


- Understand the realities of cybercrime and today's attacks

- Build a digital forensics lab to test tools and methods, and gain expertise

- Take the right actions as soon as you discover a breach

- Determine the full scope of an investigation and the role you'll play

- Properly collect, document, and preserve evidence and data

- Collect and analyze data from PCs, Macs, IoT devices, and other endpoints

- Use packet logs, NetFlow, and scanning to build timelines, understand network activity, and collect evidence

- Analyze iOS and Android devices, and understand encryption-related obstacles to investigation

- Investigate and trace email, and identify fraud or abuse

- Use social media to investigate individuals or online identities

- Gather, extract, and analyze breach data with Cisco tools and techniques

- Walk through common breaches and responses from start to finish

- Choose the right tool for each task, and explore alternatives that might also be helpful


The professional's go-to digital forensics resource for countering attacks right now

Today, cybersecurity and networking professionals know they can't possibly prevent every breach, but they can substantially reduce risk by quickly identifying and blocking breaches as they occur. Investigating the Cyber Breach: The Digital Forensics Guide for the Network Engineer is the first comprehensive guide to doing just that.

Writing for working professionals, senior cybersecurity experts Joseph Muniz and Aamir Lakhani present up-to-the-minute techniques for hunting attackers, following their movements within networks, halting exfiltration of data and intellectual property, and collecting evidence for investigation and prosecution. You'll learn how to make the most of today's best open source and Cisco tools for cloning, data analytics, network and endpoint breach detection, case management, monitoring, analysis, and more.


Unlike digital forensics books focused primarily on post-attack evidence gathering, this one offers complete coverage of tracking threats, improving intelligence, rooting out dormant malware, and responding effectively to breaches underway right now.



This book is part of the Networking Technology: Security Series from Cisco Press®, which offers networking professionals valuable information for constructing efficient networks, understanding new technologies, and building successful careers.

Introduction

Chapter 1 Digital Forensics
Defining Digital Forensics; Engaging Forensics Services; Reporting Crime; Search Warrant and Law; Forensic Roles; Forensic Job Market; Forensic Training; Summary; References

Chapter 2 Cybercrime and Defenses
Crime in a Digital Age; Exploitation; Adversaries; Cyber Law; Summary; Reference

Chapter 3 Building a Digital Forensics Lab
Desktop Virtualization; VMware Fusion; VirtualBox; Installing Kali Linux; Attack Virtual Machines; Cuckoo Sandbox; Virtualization Software for Cuckoo; Installing TCPdump; Creating a User on VirtualBox for Cuckoo; Binwalk; The Sleuth Kit; Cisco Snort; Windows Tools; Physical Access Controls; Storing Your Forensics Evidence; Network Access Controls; Jump Bag; Summary; References

Chapter 4 Responding to a Breach
Why Organizations Fail at Incident Response; Preparing for a Cyber Incident; Defining Incident Response; Incident Response Plan; Assembling Your Incident Response Team; When to Engage the Incident Response Team; Outstanding Items that Often Get Missed with Incident Response; Phone Tree and Contact List; Facilities; Responding to an Incident; Assessing Incident Severity; Following Notification Procedures; Employing Post-Incident Actions and Procedures; Identifying Software Used to Assist in Responding to a Breach; Trend Analysis Software; Security Analytics Reference Architectures; Other Software Categories; Summary; References

Chapter 5 Investigations
Pre-Investigation; Opening a Case; First Responder; Device Power State; Search and Seizure; Chain of Custody; Network Investigations; Forensic Reports; Case Summary; Example; Acquisition and Exam Preparation; Example; Findings; Example; Conclusion; Example; List of Authors; Example; Closing the Case; Critiquing the Case; Summary; References

Chapter 6 Collecting and Preserving Evidence
First Responder; Evidence; Autopsy; Authorization; Hard Drives; Connections and Devices; RAID; Volatile Data; DumpIt; LiME; Volatility; Duplication; dd; dcfldd; ddrescue; Netcat; Guymager; Compression and Splitting; Hashing; MD5 and SHA Hashing; Hashing Challenges; Data Preservation; Summary; References

Chapter 7 Endpoint Forensics
File Systems; Locating Data; Unknown Files; Windows Registry; Deleted Files; Windows Recycle Bin; Shortcuts; Printer Spools; Slack Space and Corrupt Clusters; Alternate Data Streams; Mac OS X; OS X Artifacts; Log Analysis; IoT Forensics; Summary; References

Chapter 8 Network Forensics
Network Protocols; Security Tools; Firewall; Intrusion Detection and Prevention System; Content Filter; Network Access Control; Packet Capturing; NetFlow; Sandbox; Honeypot; Security Information and Event Manager (SIEM); Threat Analytics and Feeds; Security Tool Summary; Security Logs; Network Baselines; Symptoms of Threats; Reconnaissance; Exploitation; Malicious Behavior; Beaconing; Brute Force; Exfiltration; Other Indicators; Summary; References

Chapter 9 Mobile Forensics
Mobile Devices; Investigation Challenges; iOS Architecture; iTunes Forensics; iOS Snapshots; How to Jailbreak the iPhone; Android; PIN Bypass; How to Brute Force Passcodes on the Lock Screen; Forensics with Commercial Tools; Call Logs and SMS Spoofing; Voicemail Bypass; How to Find Burner Phones; SIM Card Cloning; Summary; Reference

Chapter 10 Email and Social Media
A Message in a Bottle; Email Header; Social Media; People Search; Google Search; Facebook Search; Summary; References

Chapter 11 Cisco Forensic Capabilities
Cisco Security Architecture; Cisco Open Source; Cisco Firepower; Cisco Advanced Malware Protection (AMP); Cisco Threat Grid; Cisco Web Security Appliance; Cisco CTA; Meraki; Email Security Appliance; Cisco Identity Services Engine; Cisco Stealthwatch; Cisco Tetration; Cisco Umbrella; Cisco Cloudlock; Cisco Network Technology; Summary; Reference

Chapter 12 Forensic Case Studies
Scenario 1: Investigating Network Communication; Pre-engagement; Investigation Strategy for Network Data; Investigation; Closing the Investigation; Scenario 2: Using Endpoint Forensics; Pre-engagement; Investigation Strategy for Endpoints; Investigation; Potential Steps to Take; Closing the Investigation; Scenario 3: Investigating Malware; Pre-engagement; Investigation Strategy for Rogue Files; Investigation; Closing the Investigation; Scenario 4: Investigating Volatile Data; Pre-engagement; Investigation Strategy for Volatile Data; Investigation; Closing the Investigation; Scenario 5: Acting as First Responder; Pre-engagement; First Responder Strategy; Closing the Investigation; Summary; References

Chapter 13 Forensic Tools
Tools; Slowloris DDOS Tool: Chapter 2; Low Orbit Ion Cannon; VMware Fusion: Chapter 3; VirtualBox: Chapter 3; Metasploit: Chapter 3; Cuckoo Sandbox: Chapter 3; Cisco Snort: Chapter 3; FTK Imager: Chapters 3, 9; FireEye Redline: Chapter 3; P2 eXplorer: Chapter 3; PlainSight: Chapter 3; Sysmon: Chapter 3; WebUtil: Chapter 3; ProDiscover Basics: Chapter 3; Solarwinds Trend Analysis Module: Chapter 4; Splunk: Chapter 4; RSA Security Analytics: Chapter 4; IBM's QRadar: Chapter 4; HawkeyeAP: Chapter 4; WinHex: Chapters 6, 7; OSForensics: Chapter 6; Mount Image Pro: Chapter 6; DumpIt: Chapter 6; LiME: Chapter 6; TrIDENT: Chapter 7; PEiD: Chapter 7; Lnkanalyser: Chapter 7; Windows File Analyzer: Chapter 7; LECmd: Chapter 7; SplViewer: Chapter 7; PhotoRec: Chapter 7; Windows Event Log: Chapter 7; Log Parser Studio: Chapter 7; LogRhythm: Chapter 8; Mobile Devices; Elcomsoft: Chapter 9; Cellebrite: Chapter 9; iPhone Backup Extractor: Chapter 9; iPhone Backup Browser: Chapter 9; Pangu: Chapter 9; KingoRoot Application: Chapter 9; Kali Linux Tools; Fierce: Chapter 8; TCPdump: Chapter 3; Autopsy and Autopsy with the Sleuth Kit: Chapters 3, 6; Wireshark: Chapter 8; Exiftool: Chapter 7; DD: Chapter 6; Dcfldd: Chapter 6; Ddrescue: Chapter 6; Netcat: Chapter 6; Volatility: Chapter 6; Cisco Tools; Cisco AMP; Stealthwatch: Chapter 8; Cisco WebEx: Chapter 4; Snort: Chapter 11; ClamAV: Chapter 10; Razorback: Chapter 10; Daemonlogger: Chapter 10; Moflow Framework: Chapter 10; Firepower: Chapter 10; Threat Grid: Chapter 10; WSA: Chapter 10; Meraki: Chapter 10; Email Security: Chapter 10; ISE: Chapter 10; Cisco Tetration: Chapter 10; Umbrella: Chapter 10; Norton ConnectSafe: No Chapter; Cloudlock: Chapter 10; Forensic Software Packages; FTK Toolkit: Chapter 3; X-Ways Forensics: Chapter 3; OSforensics: Chapter 6; EnCase: Chapter 7; Digital Forensics Framework (DFF): Chapter 7; Useful Websites; Shodan: Chapter 1; Wayback Machine: Chapter 3; Robot.txt files: Chapter 2; Hidden Wiki: Chapter 2; NIST: Chapter 4; CVE: Chapter 4; Exploit-DB: Chapter 4; Pastebin: Chapters 4, 10; University of Pennsylvania Chain of Custody Form: Chapter 6; List of File Signatures: Chapter 9; Windows Registry Forensics Wiki: Chapter 7; Mac OS Forensics Wiki: Chapter 7; Miscellaneous Sites; Searchable FCC ID Database; S
The stated prices include VAT

Polyteknisk Boghandel

has for more than 50 years been the student bookstore at DTU and one of Denmark's leading specialists in academic literature.

We stock a wide selection of books, not only in science and technology but also in e.g. management, IT and much more.

Printed or digital book?

In addition to printed books, we offer three different types of digital books:

Vital Source Bookshelf: A well-functioning e-book platform where the book is downloaded to your computer and/or mobile device.

You need the free Bookshelf software to read the books; it has good built-in tools for e.g. searching, highlighting, note-taking, etc. In the vast majority of cases you will also have parallel online access for 1825 days.

Delivery: You create a login in connection with the purchase. Once you have installed the Bookshelf software, you simply log in and your book is downloaded automatically.

Adobe e-book: These are Adobe DRM e-books that are downloaded to your local computer or mobile device.

Reading the books requires special software that supports this type. The software is free, but you should make sure that you have the rights to install software on the machine you intend to use it on.

Delivery: A download link is sent by email immediately after purchase.

Ibog: This is an online book that can be read on the publisher's website.

No special software is required; the book is read in an ordinary browser.

Delivery: Our staff member sends you an access key by email.

Please note that there is no right of return/withdrawal on digital goods.