Computer Incident Response and Forensics Team Management - 1st Edition - ISBN: 9781597499965, 9780124047259

Computer Incident Response and Forensics Team Management

1st Edition

Conducting a Successful Incident Response

Authors: Leighton Johnson
eBook ISBN: 9780124047259
Paperback ISBN: 9781597499965
Imprint: Syngress
Published Date: 22nd November 2013
Page Count: 352

Computer Incident Response and Forensics Team Management provides security professionals with a complete handbook of computer incident response from the perspective of forensics team management. This unique approach teaches readers the concepts and principles they need to conduct a successful incident response investigation, ensuring that proven policies and procedures are established and followed by all team members.

Leighton R. Johnson III describes the processes within an incident response event and shows the crucial importance of skillful forensics team management, including when and where the transition to forensics investigation should occur during an incident response event. The book also provides discussions of key incident response components.

Key Features

  • Provides readers with a complete handbook on computer incident response from the perspective of forensics team management
  • Identifies the key steps to completing a successful computer incident response investigation
  • Defines the qualities necessary to become a successful forensics investigation team member, as well as the interpersonal relationship skills necessary for successful incident response and forensics investigation teams

Information security professionals and consultants of all levels, incident responders, security managers, digital forensics analysts, digital forensics investigators, law enforcement officers, private investigators, government security officers; Criminal Justice students, Computer Security students, and Forensics students.

Table of Contents

About the Author

Section 1. Introduction

Section 2. Definitions

Part 1: Incident Response Team

Section 3. The Stages of Incident Response

Methodology #1

Methodology #2

Post-incident Activity

Section 4. The Security Incident Response Team Members

Types of Technical Skills Needed

Types of Personal Skills Needed

Section 5. Incident Evidence

Section 6. Incident Response Tools

Section 7. Incident Response Policies and Procedures

SIRT IR Policies

Corporate IR Strategy and General Use Security Policies

Section 8. Legal Requirements and Considerations

Investigation Guidelines

Section 9. Governmental Laws, Policies, and Procedures

US Government

Canadian Government

Part 2: Forensics Team

Section 10. Forensics Process

Section 11. Forensics Team Requirements Members

Member Criteria

Member Expertise

Member Certification

Section 12. Forensics Team Policies and Procedures

Forensics Analysis Process

Data Collection

Chain of Custody

Evidence Handling and Control

Evidence “Hand-over” to External Parties, LEO

Hardware Specific Acquisition—SIM Cards, Cell Phone, USB Storage, etc.

Data Type Acquisition—Audio Files, Video Files, Image Files, Network Files, Log Files

Investigation Process

Examination Process

Data Review

Research Requirements

Forensics Reporting

Analysis of Results

Expert Witness Process

Section 13. Management of Forensics Evidence Handling

Chain of Evidence

US Federal Rules of Civil Procedure

UK Civil Procedure Rules

Section 14. Forensics Tools

Types of Forensics Tools

Tools for Specific Operating Systems and Platforms

Section 15. Legalities of Forensics

Reasons for Legal, Statutory, and Regulatory Compliance

US Criteria, Laws, and Regulations

EU Criteria, Laws, and Regulations

Section 16. Forensics Team Oversight

Investigator’s Code of Conduct

Use of Templates for Information Recording

Part 3: General Management and Team

External Considerations

Section 17. General Team Management

Corporate Level Management Considerations

Corporate Needs to Support the Team Activities

Third-Party Support During and After Events

Section 18. Corporate IT-Related Security Relationship with SIR&FT

Basic IT Control and Security Areas of Interest

Section 19. Relationship Management

Section 20. Conclusion

The Incident Response Team

The Forensics Team

Final Words

Appendix A. References

Incident Response Online Resources

Appendix B. Relevant Incident Response and Forensics Publications from Governmental Agencies and Organizations

Appendix C. Forensics Team Templates

© Syngress 2014

About the Author

Leighton Johnson

Leighton Johnson is the CTO and Senior Security Engineer for Information Security and Forensics Management Team (ISFMT), a provider of computer security, forensics consulting, and certification training. He has over 38 years of experience in computer security, software development, and communications equipment operations and maintenance. His primary focus areas have included computer security, information operations and assurance, the software system development life cycle (focused on modeling and simulation systems), systems engineering and integration activities, anti-terrorism/cyber terrorism, database administration, and business process and data modeling. He recently completed service as the AT/COOP task lead for a DOD Field Agency based in Alexandria, VA. He was recently the CIO for a 450-person directorate within Lockheed Martin IS&GS covering 9 locations in the Eastern and Midwestern parts of the U.S. He previously served as Security Operations Program Manager for a US DOD Field Agency based in Arlington, VA.

He is a member of the CSA CloudSIRT working group developing the model for response collaboration among cloud providers, responders, and users, and of the CSA Security-as-a-Service working group developing the definitions for SECaaS requirements and models, as well as a member of the IEEE Education working groups on Cloud and on Computer Software Security. He recently served as a member of the IS Alliance – NIST joint working group on VOIP SCAP security. He has taught Digital and Network Forensics courses at Georgia Regents University. He holds CISM (Certified Information Security Manager), CISA (Certified Information Systems Auditor), CISSP (Certified Information Systems Security Professional), CIFI (Certified Information Forensics Investigator), CSSLP (Certified Secure Software Lifecycle Professional), CAP (Certified Authorization Professional), CRISC (Certified in Risk & Information Systems Control), CMAS (Certified Master Antiterrorism Specialist), CAS-CTR (Certified Antiterrorism Specialist – Cyber Terrorism Response), and MBCI (Certified Member Business Continuity Institute) credentials.

Affiliations and Expertise

CTO and Senior Security Engineer for Information Security and Forensics Management Team (ISFMT)

"... might be useful as an overview for the lay person or beginner…" --Security Management

"The book explores the right subjects. It provides the right warnings, focal points, and pitfalls. It stays clearly away from technical details, but does, for instance, present tools with strengths and weaknesses. Unlike other books, it does look at the situation outside of the US. In forensics, you need to prove competence beyond doubt. For a team manager, this book is not a bad start for building that proof.", July/August 2014

"Ultimately, this book is about protecting the organisation – and not just against the hackers...Getting your response right is all about teamwork, and this book is a helpful guide for putting together the best team for the job." --Network Security, February 2014