Description

Computer Incident Response and Forensics Team Management provides security professionals with a complete handbook of computer incident response from the perspective of forensics team management. This unique approach teaches readers the concepts and principles they need to conduct a successful incident response investigation, ensuring that proven policies and procedures are established and followed by all team members.

Leighton R. Johnson III describes the processes within an incident response event and shows the crucial importance of skillful forensics team management, including when and where the transition to forensics investigation should occur during an incident response event. The book also provides discussions of key incident response components.

Key Features

  • Provides readers with a complete handbook on computer incident response from the perspective of forensics team management
  • Identifies the key steps to completing a successful computer incident response investigation
  • Defines the qualities necessary to become a successful forensics investigation team member, as well as the interpersonal relationship skills necessary for successful incident response and forensics investigation teams

Readership

Information security professionals and consultants of all levels, incident responders, security managers, digital forensics analysts, digital forensics investigators, law enforcement officers, private investigators, and government security officers; criminal justice, computer security, and forensics students.

Table of Contents

Dedication

About the Author

Section 1. Introduction

Section 2. Definitions

Part 1: Incident Response Team

Section 3. The Stages of Incident Response

Methodology #1

Methodology #2

Post-incident Activity

Section 4. The Security Incident Response Team Members

Types of Technical Skills Needed

Types of Personal Skills Needed

Section 5. Incident Evidence

Section 6. Incident Response Tools

Section 7. Incident Response Policies and Procedures

SIRT IR Policies

Corporate IR Strategy and General Use Security Policies

Section 8. Legal Requirements and Considerations

Privacy

Ethics

Investigation Guidelines

Section 9. Governmental Laws, Policies, and Procedures

US Government

Canadian Government

EU

Part 2: Forensics Team

Section 10. Forensics Process

Prepare

Identify

Preserve

Select

Examine

Classify

Analyze

Present

Section 11. Forensics Team Requirements Members

Member Criteria

Member Expertise

Member Certification

Section 12. Forensics Team Policies and Procedures

Forensics Analysis Process

Data Collection

Chain of Custody

Evidence Handling and Control

Evidence “Hand-over” to External Parties, LEO

Hardware Specific Acquisition—SIM Cards, Cell Phone, USB Storage, etc.

Data Type Acquisition—Audio Files, Video Files, Image Files, Network Files, Log Files

Investigation Process

Examination Process

Data Review

Research Requirements

Forensics Reporting

Analysis of Results

Expert Witness Process

Section 13. Management of Forensics Evidence Handling

Details

No. of pages: 352
Language: English
Copyright: © 2014
Published:
Imprint: Syngress
Electronic ISBN: 9780124047259
Print ISBN: 9781597499965

Reviews

"... might be useful as an overview for the lay person or beginner…" --Security Management

"The book explores the right subjects. It provides the right warnings, focal points, and pitfalls. It stays clearly away from technical details, but does, for instance, present tools with strengths and weaknesses. Unlike other books, it does look at the situation outside of the US. In forensics, you need to prove competence beyond doubt. For a team manager, this book is not a bad start for building that proof." --ComputingReviews.com, July/August 2014

"Ultimately, this book is about protecting the organisation – and not just against the hackers...Getting your response right is all about teamwork, and this book is a helpful guide for putting together the best team for the job." --Network Security, February 2014