Computer Incident Response and Forensics Team Management

Computer Incident Response and Forensics Team Management

Conducting a Successful Incident Response

1st Edition - November 8, 2013

Write a review

  • Author: Leighton Johnson
  • eBook ISBN: 9780124047259
  • Paperback ISBN: 9781597499965

Purchase options

Purchase options
DRM-free (Mobi, EPub, PDF)
Sales tax will be calculated at check-out

Institutional Subscription

Free Global Shipping
No minimum order


Computer Incident Response and Forensics Team Management provides security professionals with a complete handbook of computer incident response from the perspective of forensics team management. This unique approach teaches readers the concepts and principles they need to conduct a successful incident response investigation, ensuring that proven policies and procedures are established and followed by all team members. Leighton R. Johnson III describes the processes within an incident response event and shows the crucial importance of skillful forensics team management, including when and where the transition to forensics investigation should occur during an incident response event. The book also provides discussions of key incident response components.

Key Features

  • Provides readers with a complete handbook on computer incident response from the perspective of forensics team management
  • Identify the key steps to completing a successful computer incident response investigation
  • Defines the qualities necessary to become a successful forensics investigation team member, as well as the interpersonal relationship skills necessary for successful incident response and forensics investigation teams


Information security professionals and consultants of all levels, incident responders, security managers, digital forensics analysts, digital forensics investigators, law enforcement officers, private investigators, government security officers. Criminal Justice students, Computer Security students, and Forensics students.

Table of Contents

  • Dedication

    About the Author

    Section 1. Introduction

    Section 2. Definitions


    Part 1: Incident Response Team

    Part 1. Incident Response Team

    Section 3. The Stages of Incident Response

    Methodology #1

    Methodology #2

    Post-incident Activity

    Section 4. The Security Incident Response Team Members

    Types of Technical Skills Needed

    Types of Personal Skills Needed

    Section 5. Incident Evidence

    Section 6. Incident Response Tools

    Section 7. Incident Response Policies and Procedures

    SIRT IR Policies

    Corporate IR Strategy and General Use Security Policies

    Section 8. Legal Requirements and Considerations



    Investigation Guidelines

    Section 9. Governmental Laws, Policies, and Procedures

    US Government

    Canadian Government


    Part 2: Forensics Team

    Part 2. Forensics Team

    Section 10. Forensics Process









    Section 11. Forensics Team Requirements Members

    Member Criteria

    Member Expertise

    Member Certification

    Section 12. Forensics Team Policies and Procedures

    Forensics Analysis Process

    Data Collection

    Chain of Custody

    Evidence Handling and Control

    Evidence “Hand-over” to External Parties, LEO

    Hardware Specific Acquisition—SIM Cards, Cell Phone, USB Storage, etc.

    Data Type Acquisition—Audio Files, Video Files, Image Files, Network Files, Log Files

    Investigation Process

    Examination Process

    Data Review

    Research Requirements

    Forensics Reporting

    Analysis of Results

    Expert Witness Process

    Section 13. Management of Forensics Evidence Handling

    Chain of Evidence

    US Federal Rules of Civil Procedure

    UK Civil Procedure Rules

    Section 14. Forensics Tools

    Types of Forensics Tools

    Tools for Specific Operating Systems and Platforms

    Section 15. Legalities of Forensics

    Reasons for Legal, Statutory, and Regulatory Compliance

    US Criteria, Laws, and Regulations

    EU Criteria, Laws, and Regulations

    Section 16. Forensics Team Oversight

    Investigator’s Code of Conduct

    Use of Templates for Information Recording

    Part 3: General Management and Team

    Part 3. General Management and Team

    External Considerations

    Section 17. General Team Management

    Corporate Level Management Considerations

    Corporate Needs to Support the Team Activities

    Third-Party Support During and After Events

    Section 18. Corporate IT-Related Security Relationship with SIR&FT

    Basic IT Control and Security Areas of Interest

    Section 19. Relationship Management

    Section 20. Conclusion

    The Incident Response Team

    The Forensics Team

    Final Words

    Appendix A. References

    Incident Response Online Resources

    Appendix B. Relevant Incident Response and Forensics Publications from Governmental Agencies and Organizations



    Appendix C. Forensics Team Templates


Product details

  • No. of pages: 352
  • Language: English
  • Copyright: © Syngress 2013
  • Published: November 8, 2013
  • Imprint: Syngress
  • eBook ISBN: 9780124047259
  • Paperback ISBN: 9781597499965

About the Author

Leighton Johnson

Leighton Johnson, the CTO of ISFMT (Information Security Forensics Management Team), a provider of cybersecurity & forensics consulting and certification training, has presented computer security, cyber security and forensics lectures, conference presentations, training events and seminars all across the United States, Asia and Europe. He has over 40 years’ experience in Computer Security, Cyber Security, Software Development and Communications Equipment Operations & Maintenance; Primary focus areas include computer security, information operations & assurance, incident response & forensics investigations, software system development life cycle focused on testing of systems, systems engineering and integration activities, database administration and cyber defense activities.

Affiliations and Expertise

CTO and Senior Security Engineer for Information Security and Forensics Management Team (ISFMT)

Ratings and Reviews

Write a review

There are currently no reviews for "Computer Incident Response and Forensics Team Management"