Incident Response

Computer Forensics Toolkit

Douglas Schweitzer

322 pages, parution le 06/05/2003

Ajouter à une liste

Indisponible

Résumé

Your in-depth guide to detecting network breaches, uncovering evidence, and preventing future attacks Whether it's from malicious code sent through an e-mail or an unauthorized user accessing company files, your network is vulnerable to attack. Your response to such incidents is critical. With this comprehensive guide, Douglas Schweitzer arms you with the tools to reveal a security breach, gather evidence to report the crime, and conduct audits to prevent future attacks. He also provides you with a firm understanding of the methodologies for incident response and computer forensics, Federal Computer Crime law information and evidence requirements, legal issues, and how to work with law enforcement.

You'll learn how to:

Recognize the telltale signs of an incident and take specific response measures
Search for evidence by preparing operating systems, identifying network devices, and collecting data from memory
Analyze and detect when malicious code enters the system and quickly locate hidden files
Perform keyword searches, review browser history, and examine Web caches to retrieve and analyze clues
Create a forensics toolkit to prop-erly collect and preserve evidence
Contain an incident by severing network and Internet connections, and then eradicate any vulnerabilities you uncover
Anticipate future attacks and monitor your system accordingly
Prevent espionage, insider attacks, and inappropriate use of the network
Develop policies and procedures to carefully audit the system

CD-ROM includes:

Helpful tools to capture and protect forensic data; search volumes, drives, and servers for evidence; and rebuild systems quickly after evidence has been obtained
Valuable checklists developed by the author for all aspects of incident response and handling

Contents

Chapter 1: Computer Forensics and Incident Response Essentials
Chapter 2: Addressing Law Enforcement Considerations
Chapter 3: Forensic Preparation and Preliminary Response
Chapter 4: Windows Registry, Recycle Bin, and Data Storage
Chapter 5: Analyzing and Detecting Malicious Code and Intruders
Chapter 6: Retrieving and Analyzing Clues
Chapter 7: Procedures for Collecting and Preserving Evidence
Chapter 8: Incident Containment and Eradication of Vulnerabilities
Chapter 9: Disaster Recovery and Follow-Up
Chapter 10: Responding to Different Types of Incidents
Chapter 11: Assessing System Security to Prevent Further Attacks
Chapter 12: Pulling It All Together

Appendix A: What's on the CD-ROM
Appendix B: Commonly Attacked Ports
Appendix C: Field Guidance on USA Patriot Act 2001
Appendix D: Computer Records and the Federal Rules of Evidence
Appendix E: Glossary

L'auteur - Douglas Schweitzer

Douglas Schweitzer, A+, Network+, i-Net+, CCNA, CIW, Brainbench Internet Security CertiÞed, is vice-president at an actuarial consulting Þrm, where he is responsible for network security and design. He is also the author of Internet Security Made Easy.

Caractéristiques techniques

	PAPIER
Éditeur(s)	Wiley
Auteur(s)	Douglas Schweitzer
Parution	06/05/2003
Nb. de pages	322
Format	18,5 x 23,5
Couverture	Broché
Poids	551g
Intérieur	Noir et Blanc
EAN13	9780764526367
ISBN13	978-0-7645-2636-7