AboutDFIR.com – The Definitive Compendium Project
Digital Forensics & Incident Response
Blue Team Field Manual (BTFM) is a Cyber Security Incident Response Guide that aligns with the NIST Cybersecurity Framework consisting of the five core functions of Identify, Protect, Detect, Respond, and Recover by providing the tactical steps to follow and commands to use when preparing for, working through and recovering from a Cyber Security Incident.
Build your organization's cyber defense system by effectively implementing digital forensics and incident management techniques Key Features Create a solid incident response framework and manage cyber incidents effectively Perform malware analysis for effective incident response Explore real-life scenarios that effectively use threat intelligence and modeling techniques Book Description An understanding of how digital forensics integrates with the overall response to cybersecurity incidents is key to securing your organization's infrastructure from attacks. This updated second edition will help you perform cutting-edge digital forensic activities and incident response. After focusing on the fundamentals of incident response that are critical to any information...
Digital Forensics for Legal Professionals provides you with a guide to digital technology forensics in plain English. In the authors' years of experience in working with attorneys as digital forensics experts, common questions arise again and again: “What do I ask for?? “Is the evidence relevant?? “What does this item in the forensic report mean?? “What should I ask the other expert?? “What should I ask you?? “Can you explain that to a jury?? This book answers many of those questions in clear language that is understandable by non-technical people. With many illustrations and diagrams that will be usable in...
Based on the use of open source tools, this book lends itself to many organizations as well as students who do not have means to purchase new tools for different investigations. Well known forensic methods are demonstrated using open-source computer forensic tools (Sleuthkit, Foremost, dcdd, pyag, etc.) for examining a wide range of target systems (Windows, Mac, Linux, Unix, etc.). The digital forensics industry is growing a rapid pace and this book is perfect for someone entering the field that does not have access to corporate tools. Written by world-renowned forensic practitioners Covers open source forensics tools for all major...
The official, Guidance Software-approved book on the newest EnCE exam!
The EnCE exam tests that computer forensic analysts and examiners have thoroughly mastered computer investigation methodologies, as well as the use of Guidance Software's EnCase Forensic 7. The only official Guidance-endorsed study guide on the topic, this book prepares you for the exam with extensive coverage of all exam topics, real-world scenarios, hands-on exercises, up-to-date legal information, and sample evidence files, flashcards, and more.
Moves beyond the basics and shows how to use tools to recover and analyze forensic evidence.
The Handbook of Digital Forensics and Investigation builds on the success of the Handbook of Computer Crime Investigation, bringing together renowned experts in all areas of digital forensics and investigation to provide the consummate resource for practitioners in the field. It is also designed as an accompanying text to Digital Evidence and Computer Crime, now in its third edition, providing advanced material from specialists in each area of Digital Forensics. This unique collection details how to conduct digital investigations in both criminal and civil contexts, and how to locate and utilize digital evidence on computers, networks, and embedded systems. Specifically,...
The definitive guide to incident response--updated for the first time in a decade! Thoroughly revised to cover the latest and most effective tools and techniques, Incident Response & Computer Forensics, Third Edition arms you with the information you need to get your organization out of trouble when data breaches occur. This practical resource covers the entire lifecycle of incident response, including preparation, data collection, data analysis, and remediation. Real-world case studies reveal the methods behind--and remediation strategies for--today's most insidious attacks. Architect an infrastructure that allows for methodical investigation and remediation Develop leads, identify indicators of compromise, and determine incident...
Explore the world of modern human-operated ransomware attacks, along with covering steps to properly investigate them and collecting and analyzing cyber threat intelligence using cutting-edge methods and tools Key Features: Understand modern human-operated cyber attacks, focusing on threat actor tactics, techniques, and procedures Collect and analyze ransomware-related cyber threat intelligence from various sources Use forensic methods and tools to reconstruct ransomware attacks and prevent them in the early stages Book Description: Ransomware attacks have become the strongest and most persistent threat for many companies around the globe. Building an effective incident response plan to prevent a ransomware attack is crucial...
Threat intelligence—understanding the who, why, and how of attacks—is most valuable when applied directly to an organization’s incident response capability for hunting and investigation. Threat intelligence has become more common and important in recent years. However, many professionals want a better understanding of how to apply this intelligence within their operations and organizations. This book explains the fundamentals of intelligence analysis and the best ways to apply it to your incident response function.
A reference manual for Linux that has descriptions of core functions and and has command line tools, with popular applications such as docker and kubectl
Publisher's Note: Products purchased from Third Party sellers are not guaranteed by the publisher for quality, authenticity, or access to any online entitlements included with the product. Master the tools and techniques of mobile forensic investigations Conduct mobile forensic investigations that are legal, ethical, and highly effective using the detailed information contained in this practical guide. Mobile Forensic Investigations: A Guide to Evidence Collection, Analysis, and Presentation, Second Edition fully explains the latest tools and methods along with features, examples, and real-world case studies. Find out how to assemble a mobile forensics lab, collect prosecutable evidence, uncover hidden files, and...
A resource to help forensic investigators locate, analyze, and understand digital evidence found on modern Linux systems after a crime, security incident or cyber attack. Practical Linux Forensics dives into the technical details of analyzing postmortem forensic images of Linux systems which have been misused, abused, or the target of malicious attacks. It helps forensic investigators locate and analyze digital evidence found on Linux desktops, servers, and IoT devices. Throughout the book, you learn how to identify digital artifacts which may be of interest to an investigation, draw logical conclusions, and reconstruct past activity from incidents. You’ll learn how Linux...
Malware analysis is big business, and attacks can cost a company dearly. When malware breaches your defenses, you need to act quickly to cure current infections and prevent future ones from occurring. For those who want to stay ahead of the latest malware, Practical Malware Analysis will teach you the tools and techniques used by professional analysts. With this book as your guide, you'll be able to safely analyze, debug, and disassemble any malicious software that comes your way. You'll learn how to: –Set up a safe virtual environment to analyze malware –Quickly extract network signatures and host-based indicators –Use...
Become well-versed with forensics for the Android, iOS, and Windows 10 mobile platforms by learning essential techniques and exploring real-life scenarios Key Features Apply advanced forensic techniques to recover deleted data from mobile devices Retrieve and analyze data stored not only on mobile devices but also on the cloud and other connected mediums Use the power of mobile forensics on popular mobile platforms by exploring different tips, tricks, and techniques Book Description Mobile phone forensics is the science of retrieving data from a mobile phone under forensically sound conditions. This updated fourth edition of Practical Mobile Forensics delves into the...
A practical guide to understanding and analyzing cyber attacks by advanced attackers, such as nation states. Cyber attacks are no longer the domain of petty criminals. Today, companies find themselves targeted by sophisticated nation state attackers armed with the resources to craft scarily effective campaigns. This book is a detailed guide to understanding the major players in these cyber wars, the techniques they use, and the process of analyzing their advanced attacks. Whether you’re an individual researcher or part of a team within a Security Operations Center (SoC), you’ll learn to approach, track, and attribute attacks to these advanced actors....
Memory forensics provides cutting edge technology to help investigate digital attacks Memory forensics is the art of analyzing computer memory (RAM) to solve digital crimes. As a follow-up to the best seller Malware Analyst's Cookbook, experts in the fields of malware, security, and digital forensics bring you a step-by-step guide to memory forensics—now the most sought after skill in the digital forensics and incident response fields. Beginning with introductory concepts and moving toward the advanced, The Art of Memory Forensics: Detecting Malware and Threats in Windows, Linux, and Mac Memory is based on a five day training course that the...
The Basics of Digital Forensics provides a foundation for people new to the digital forensics field. This book teaches you how to conduct examinations by discussing what digital forensics is, the methodologies used, key tactical concepts, and the tools needed to perform examinations. Details on digital forensics for computers, networks, cell phones, GPS, the cloud and the Internet are discussed. Also, learn how to collect evidence, document the scene, and how deleted data can be recovered. The new Second Edition of this book provides you with completely up-to-date real-world examples and all the key technologies used in digital forensics, as...
For nearly two decades, IT professionals have considered the free Sysinternals tools absolutely indispensable for diagnosing, troubleshooting, and deeply understanding the Windows platform. Today, with new tools and many enhancements throughout, Sysinternals is more valuable than ever. In Troubleshooting with the Windows Sysinternals Tools, Second Edition, Sysinternals creator Mark Russinovich and Windows administration expert Aaron Margosis show how to use it to maximize the reliability, efficiency, performance, and security of all your Windows systems. Russinovich and Margosis begin by introducing Sysinternals' goals and capabilities, and offering practical guidance for getting started. Next, they offer in-depth coverage of each major Sysinternals...
Delve inside Windows architecture and internals - and see how core components work behind the scenes. This classic guide has been fully updated for Windows 8.1 and Windows Server 2012 R2, and now presents its coverage in three volumes: Book 1, User Mode; Book 2, Kernel Mode; Book 3, Device Driver Models. In Book 1, you'll plumb Windows fundamentals, independent of platform - server, desktop, tablet, phone, Xbox. Coverage focuses on high-level functional descriptions of the various Windows components and features that interact with, or are manipulated by, user mode programs, or applications. You'll also examine management mechanisms and operating...
Drill down into Windows architecture and internals, discover how core Windows components work behind the scenes, and master information you can continually apply to improve architecture, development, system administration, and support. Led by three renowned Windows internals experts, this classic guide is now fully updated for Windows 10 and 8.x. As always, it combines unparalleled insider perspectives on how Windows behaves "under the hood" with hands-on experiments that let you experience these hidden behaviors firsthand. Part 2 examines these and other key Windows 10 OS components and capabilities: Startup and shutdown The Windows Registry Windows management mechanisms WMI System mechanisms...