Investigating the Cyber Breach: The Digital Forensics Guide for the Network Engineer, 1st edition
Published by Cisco Press (January 31, 2018) © 2018
- Joseph Muniz
- Aamir Lakhani
Breach detection is one of the most active topics in cyber security. As more devices become Internet capable, more systems become targets, which in turn increases the need for digital defenses and means the intended audience will continue to grow across all business sectors. This book is written for several levels of technical competency. Business-minded readers and executives will benefit from the incident response and policy content, network administrators from the breach detection best practices, and security experts from the technical forensics tools and exercises. Unlike the few other books on this topic, this book is written as a guide that can be applied directly to any organization's business practice.
Introduction xix
Chapter 1 Digital Forensics 1
Defining Digital Forensics 3
Engaging Forensics Services 4
Reporting Crime 7
Search Warrant and Law 9
Forensic Roles 13
Forensic Job Market 15
Forensic Training 16
Summary 23
References 24
Chapter 2 Cybercrime and Defenses 25
Crime in a Digital Age 27
Exploitation 31
Adversaries 34
Cyber Law 36
Summary 39
Reference 39
Chapter 3 Building a Digital Forensics Lab 41
Desktop Virtualization 42
   VMware Fusion 43
   VirtualBox 44
Installing Kali Linux 44
Attack Virtual Machines 52
Cuckoo Sandbox 56
   Virtualization Software for Cuckoo 58
   Installing TCPdump 58
   Creating a User on VirtualBox for Cuckoo 59
Binwalk 60
The Sleuth Kit 61
Cisco Snort 62
Windows Tools 67
Physical Access Controls 68
Storing Your Forensics Evidence 71
   Network Access Controls 72
Jump Bag 74
Summary 74
References 75
Chapter 4 Responding to a Breach 77
Why Organizations Fail at Incident Response 78
Preparing for a Cyber Incident 80
Defining Incident Response 81
Incident Response Plan 82
Assembling Your Incident Response Team 84
   When to Engage the Incident Response Team 85
   Outstanding Items that Often Get Missed with Incident Response 88
   Phone Tree and Contact List 88
   Facilities 89
Responding to an Incident 89
Assessing Incident Severity 91
Following Notification Procedures 92
Employing Post-Incident Actions and Procedures 93
Identifying Software Used to Assist in Responding to a Breach 93
   Trend Analysis Software 94
   Security Analytics Reference Architectures 94
   Other Software Categories 97
Summary 97
References 98
Chapter 5 Investigations 99
Pre-Investigation 100
Opening a Case 102
First Responder 105
Device Power State 110
Search and Seizure 113
Chain of Custody 118
Network Investigations 121
Forensic Reports 127
   Case Summary 129
       Example 129
   Acquisition and Exam Preparation 129
       Example 129
   Findings 130
       Example 130
   Conclusion 130
       Example 131
   List of Authors 131
       Example 131
Closing the Case 132
Critiquing the Case 136
Summary 139
References 139
Chapter 6 Collecting and Preserving Evidence 141
First Responder 141
Evidence 144
   Autopsy 145
   Authorization 147
Hard Drives 148
   Connections and Devices 150
   RAID 152
Volatile Data 153
   DumpIt 154
   LiME 154
   Volatility 156
Duplication 158
   dd 161
   dcfldd 161
   ddrescue 162
   Netcat 162
   Guymager 163
   Compression and Splitting 164
Hashing 166
   MD5 and SHA Hashing 168
   Hashing Challenges 169
Data Preservation 170
Summary 172
References 172
Chapter 7 Endpoint Forensics 173
File Systems 174
   Locating Data 178
   Unknown Files 180
Windows Registry 182
   Deleted Files 185
   Windows Recycle Bin 187
   Shortcuts 189
Printer Spools 190
   Slack Space and Corrupt Clusters 191
   Alternate Data Streams 196
   Mac OS X 198
   OS X Artifacts 199
Log Analysis 202
IoT Forensics 207
Summary 210
References 211
Chapter 8 Network Forensics 213
Network Protocols 214
Security Tools 215
   Firewall 219
   Intrusion Detection and Prevention System 219
   Content Filter 219
   Network Access Control 220
   Packet Capturing 223
   NetFlow 224
   Sandbox 225
   Honeypot 226
   Security Information and Event Manager (SIEM) 228
   Threat Analytics and Feeds 229
   Security Tool Summary 229
Security Logs 229
Network Baselines 233
Symptoms of Threats 235
   Reconnaissance 235
   Exploitation 238
   Malicious Behavior 242
   Beaconing 244
   Brute Force 249
   Exfiltration 250
   Other Indicators 254
Summary 255
References 255
Chapter 9 Mobile Forensics 257
Mobile Devices 258
   Investigation Challenges 258
iOS Architecture 259
iTunes Forensics 261
iOS Snapshots 263
How to Jailbreak the iPhone 265
Android 266
PIN Bypass 270
   How to Brute Force Passcodes on the Lock Screen 271
Forensics with Commercial Tools 272
Call Logs and SMS Spoofing 274
Voicemail Bypass 275
How to Find Burner Phones 276
SIM Card Cloning 278
Summary 279
Reference 279
Chapter 10 Email and Social Media 281
A Message in a Bottle 281
Email Header 283
Social Media 288
People Search 288
Google Search 293
Facebook Search 297
Summary 304
References 305
Chapter 11 Cisco Forensic Capabilities 307
Cisco Security Architecture 307
Cisco Open Source 310
Cisco Firepower 312
Cisco Advanced Malware Protection (AMP) 313
Cisco Threat Grid 319
Cisco Web Security Appliance 322
Cisco CTA 323
Meraki 324
Email Security Appliance 326
Cisco Identity Services Engine 328
Cisco Stealthwatch 331
Cisco Tetration 335
Cisco Umbrella 337
Cisco Cloudlock 342
Cisco Network Technology 343
Summary 343
Reference 343
Chapter 12 Forensic Case Studies 345
Scenario 1: Investigating Network Communication 346
   Pre-engagement 347
   Investigation Strategy for Network Data 348
   Investigation 350
   Closing the Investigation 355
Scenario 2: Using Endpoint Forensics 357
   Pre-engagement 357
   Investigation Strategy for Endpoints 358
   Investigation 359
   Potential Steps to Take 360
   Closing the Investigation 362
Scenario 3: Investigating Malware 364
   Pre-engagement 364
   Investigation Strategy for Rogue Files 365
   Investigation 365
   Closing the Investigation 369
Scenario 4: Investigating Volatile Data 370
   Pre-engagement 371
   Investigation Strategy for Volatile Data 372
   Investigation 373
   Closing the Investigation 375
Scenario 5: Acting as First Responder 377
   Pre-engagement 377
   First Responder Strategy 377
   Closing the Investigation 379
Summary 381
References 382
Chapter 13 Forensic Tools 383
Tools 384
   Slowloris DDOS Tool: Chapter 2 385
   Low Orbit Ion Cannon 386
   VMware Fusion: Chapter 3 386
   VirtualBox: Chapter 3 387
   Metasploit: Chapter 3 388
   Cuckoo Sandbox: Chapter 3 389
   Cisco Snort: Chapter 3 389
   FTK Imager: Chapters 3, 9 390
   FireEye Redline: Chapter 3 391
   P2 eXplorer: Chapter 3 392
   PlainSight: Chapter 3 392
   Sysmon: Chapter 3 393
   WebUtil: Chapter 3 393
   ProDiscover Basics: Chapter 3 393
   Solarwinds Trend Analysis Module: Chapter 4 394
   Splunk: Chapter 4 394
   RSA Security Analytics: Chapter 4 395
   IBM’s QRadar: Chapter 4 396
   HawkeyeAP: Chapter 4 396
   WinHex: Chapters 6, 7 396
   OSForensics: Chapter 6 397
   Mount Image Pro: Chapter 6 397
   DumpIt: Chapter 6 398
   LiME: Chapter 6 398
   TrIDENT: Chapter 7 398
   PEiD: Chapter 7 399
   Lnkanalyser: Chapter 7 399
   Windows File Analyzer: Chapter 7 399
   LECmd: Chapter 7 401
   SplViewer: Chapter 7 401
   PhotoRec: Chapter 7 402
   Windows Event Log: Chapter 7 402
   Log Parser Studio: Chapter 7 403
   LogRhythm: Chapter 8 403
Mobile Devices 404
   Elcomsoft: Chapter 9 404
   Cellebrite: Chapter 9 404
   iPhone Backup Extractor: Chapter 9 405
   iPhone Backup Browser: Chapter 9 405
   Pangu: Chapter 9 405
   KingoRoot Application: Chapter 9 405
Kali Linux Tools 406
   Fierce: Chapter 8 406
   TCPdump: Chapter 3 406
   Autopsy and Autopsy with the Sleuth Kit: Chapters 3, 6 406
   Wireshark: Chapter 8 406
   Exiftool: Chapter 7 407
   DD: Chapter 6 407
   Dcfldd: Chapter 6 408
   Ddrescue: Chapter 6 408
   Netcat: Chapter 6 408
   Volatility: Chapter 6 408
Cisco Tools 408
   Cisco AMP 408
   Stealthwatch: Chapter 8 409
   Cisco WebEx: Chapter 4 409
   Snort: Chapter 11 409
   ClamAV: Chapter 10 409
   Razorback: Chapter 10 410
   Daemonlogger: Chapter 10 410
   Moflow Framework: Chapter 10 410
   Firepower: Chapter 10 410
   Threat Grid: Chapter 10 410
   WSA: Chapter 10 410
   Meraki: Chapter 10 411
   Email Security: Chapter 10 411
   ISE: Chapter 10 411
   Cisco Tetration: Chapter 10 411
   Umbrella: Chapter 10 411
   Norton ConnectSafe: No Chapter 412
   Cloudlock: Chapter 10 412
Forensic Software Packages 413
   FTK Toolkit: Chapter 3 413
   X-Ways Forensics: Chapter 3 413
   OSforensics: Chapter 6 414
   EnCase: Chapter 7 414
   Digital Forensics Framework (DFF): Chapter 7 414
Useful Websites 414
   Shodan: Chapter 1 414
   Wayback Machine: Chapter 3 415
   Robot.txt files: Chapter 2 415
   Hidden Wiki: Chapter 2 415
   NIST: Chapter 4 416
   CVE: Chapter 4 416
   Exploit-DB: Chapter 4 416
   Pastebin: Chapters 4, 10 416
   University of Pennsylvania Chain of Custody Form: Chapter 6 417
   List of File Signatures: Chapter 9 417
   Windows Registry Forensics Wiki: Chapter 7 417
   Mac OS Forensics Wiki: Chapter 7 417
Miscellaneous Sites 417
   Searchable FCC ID Database 418
   Service Name and Transport Protocol Port Number Registry 418
   NetFlow Version 9 Flow-Record Format 418
   NMAP 418
   Pwnable 418
   Embedded Security CTF 419
   CTF Learn 419
   Reversing.Kr 419
   Hax Tor 419
   W3Challs 419
   RingZer0 Team Online CTF 420
   Hellbound Hackers 420
   Over the Wire 420
   Hack This Site 420
   VulnHub 420
   Application Security Challenge 421
   iOS Technology Overview 421
Summary 421
ISBN 9781587145025, Table of Contents, 1/10/2017