Incident Response & Computer Forensics, Third Edition


Published: August 2014
ISBN: 0071798684
e-ISBN: 0071798692

Book description:
The definitive guide to incident response--updated for the first time in a decade!

Thoroughly revised to cover the latest and most effective tools and techniques, Incident Response & Computer Forensics, Third Edition arms you with the information you need to get your organization out of trouble when data breaches occur. This practical resource covers the entire lifecycle of incident response, including preparation, data collection, data analysis, and remediation. Real-world case studies reveal the methods behind--and remediation strategies for--today's most insidious attacks.

  • Architect an infrastructure that allows for methodical investigation and remediation

  • Develop leads, identify indicators of compromise, and determine incident scope

  • Collect and preserve live data

  • Perform forensic duplication

  • Analyze data from networks, enterprise services, and applications

  • Investigate Windows and Mac OS X systems

  • Perform malware triage

  • Write detailed incident response reports

  • Create and implement comprehensive remediation plans

Jason T. Luttgens is a former technical director of the security consulting firm Mandiant, where he led dozens of global investigations involving industrial espionage, cardholder data theft, and other crimes. A veteran of the U.S. Air Force, he served in the Office of Special Investigations and at the Department of Defense's Computer Forensics Laboratory.

Matthew Pepe is a senior technical director and co-founder of Mandiant, where he has led numerous investigations, serves as a subject matter expert, and developed the forensic capabilities that are in use today. A veteran of the U.S. Air Force, he served in the Office of Special Investigations' Computer Forensics Laboratory.

Kevin Mandia is senior vice president and chief operating officer of FireEye. He founded Mandiant in 2004 and served as the chief executive officer. While in the U.S. Air Force, Kevin served as a computer security officer at the Pentagon and as a special agent in the Air Force Office of Special Investigations.

Keywords: Investigating computer crime, incident response and disaster recovery, computer forensic investigation, network security, data breach, intrusion detection, hacking, data collection, forensic duplication, Windows, UNIX, Mac OS, malware triage, remediation, penetration testing, Black Hat, DoD CyberCrime, ShmooCon, Infragard, ISACA, Mandiant, denial-of-service, DoS, DDOS, attacks, Hacking Exposed, Hacking Exposed Web 2.0, Hacking Exposed VoIP, Hacking Exposed Windows, Hacking Exposed Web Applications, Hacking Exposed Cisco Networks, Gray Hat Hacking, Hacking Exposed Wireless, Hacking Exposed Computer Forensics, Advanced Persistent Threats, Tactics & Techniques for Gray Hat Hacking, Advanced Malware Analysis, Social Engineering in IT, Information Assurance Handbook, Effective Computer Security and Risk Management Strategies, CHFI Computer Hacking Forensic Investigator All-in-One Exam Guide, CCFP Certified Cyber Forensics Professional All-in-One Exam Guide, Mike Meyers' CompTIA Security+ Certification Guide, 19 Deadly Sins of Software Security, 24 Deadly Sins of Software Security, CCNA Cisco Certified Network Associate Study Guide, CCENT Cisco Certified Entry Networking Technician Study Guide, CCNA Cisco Certified Network Associate Wireless Study Guide, CISSP All-in-One Exam Guide, Mobile Application Security, Hacking Exposed Malware and Rootkits, Hacking Exposed Computer Forensics, Hacking Exposed Virtualization & Cloud Computing, IT Security Metrics, Security Information and Event Management (SIEM) Implementation, IT Auditing, CISSP Boxed Set, CISA Certified Information Systems Auditor All-in-One Exam Guide, Mike Meyers' CompTIA Security+ Certification Passport, Security+ All-in-One Exam Guide, CompTIA A+ Certification All-in-One Exam Guide