Computer Incident Response and Forensics Team Management
Conducting a Successful Incident Response
- 1st Edition - November 8, 2013
- Latest edition
- Author: Leighton Johnson
- Language: English
Computer Incident Response and Forensics Team Management provides security professionals with a complete handbook of computer incident response from the perspective of forens… Read more
Computer Incident Response and Forensics Team Management provides security professionals with a complete handbook of computer incident response from the perspective of forensics team management. This unique approach teaches readers the concepts and principles they need to conduct a successful incident response investigation, ensuring that proven policies and procedures are established and followed by all team members.
Leighton R. Johnson III describes the processes within an incident response event and shows the crucial importance of skillful forensics team management, including when and where the transition to forensics investigation should occur during an incident response event. The book also provides discussions of key incident response components.
- Provides readers with a complete handbook on computer incident response from the perspective of forensics team management
- Identify the key steps to completing a successful computer incident response investigation
- Defines the qualities necessary to become a successful forensics investigation team member, as well as the interpersonal relationship skills necessary for successful incident response and forensics investigation teams
Information security professionals and consultants of all levels, incident responders, security managers, digital forensics analysts, digital forensics investigators, law enforcement officers, private investigators, government security officers. Criminal Justice students, Computer Security students, and Forensics students.
Dedication
About the Author
Section 1. Introduction
Section 2. Definitions
Part 1: Incident Response Team
Part 1. Incident Response Team
Section 3. The Stages of Incident Response
Methodology #1
Methodology #2
Post-incident Activity
Section 4. The Security Incident Response Team Members
Types of Technical Skills Needed
Types of Personal Skills Needed
Section 5. Incident Evidence
Section 6. Incident Response Tools
Section 7. Incident Response Policies and Procedures
SIRT IR Policies
Corporate IR Strategy and General Use Security Policies
Section 8. Legal Requirements and Considerations
Privacy
Ethics
Investigation Guidelines
Section 9. Governmental Laws, Policies, and Procedures
US Government
Canadian Government
EU
Part 2: Forensics Team
Part 2. Forensics Team
Section 10. Forensics Process
Prepare
Identify
Preserve
Select
Examine
Classify
Analyze
Present
Section 11. Forensics Team Requirements Members
Member Criteria
Member Expertise
Member Certification
Section 12. Forensics Team Policies and Procedures
Forensics Analysis Process
Data Collection
Chain of Custody
Evidence Handling and Control
Evidence “Hand-over” to External Parties, LEO
Hardware Specific Acquisition—SIM Cards, Cell Phone, USB Storage, etc.
Data Type Acquisition—Audio Files, Video Files, Image Files, Network Files, Log Files
Investigation Process
Examination Process
Data Review
Research Requirements
Forensics Reporting
Analysis of Results
Expert Witness Process
Section 13. Management of Forensics Evidence Handling
Chain of Evidence
US Federal Rules of Civil Procedure
UK Civil Procedure Rules
Section 14. Forensics Tools
Types of Forensics Tools
Tools for Specific Operating Systems and Platforms
Section 15. Legalities of Forensics
Reasons for Legal, Statutory, and Regulatory Compliance
US Criteria, Laws, and Regulations
EU Criteria, Laws, and Regulations
Section 16. Forensics Team Oversight
Investigator’s Code of Conduct
Use of Templates for Information Recording
Part 3: General Management and Team
Part 3. General Management and Team
External Considerations
Section 17. General Team Management
Corporate Level Management Considerations
Corporate Needs to Support the Team Activities
Third-Party Support During and After Events
Section 18. Corporate IT-Related Security Relationship with SIR&FT
Basic IT Control and Security Areas of Interest
Section 19. Relationship Management
Section 20. Conclusion
The Incident Response Team
The Forensics Team
Final Words
Appendix A. References
Incident Response Online Resources
Appendix B. Relevant Incident Response and Forensics Publications from Governmental Agencies and Organizations
US
EU
Appendix C. Forensics Team Templates
Index
"...might be useful as an overview for the lay person or beginner…"—Security Management
"The book explores the right subjects. It provides the right warnings, focal points, and pitfalls. It stays clearly away from technical details, but does, for instance, present tools with strengths and weaknesses. Unlike other books, it does look at the situation outside of the US. In forensics, you need to prove competence beyond doubt. For a team manager, this book is not a bad start for building that proof."—ComputingReviews.com, July/August 2014
"Ultimately, this book is about protecting the organisation – and not just against the hackers...Getting your response right is all about teamwork, and this book is a helpful guide for putting together the best team for the job."—Network Security, February 2014
- Edition: 1
- Latest edition
- Published: November 8, 2013
- Language: English
LJ
Leighton Johnson
Leighton Johnson, the CTO of ISFMT (Information Security Forensics Management Team), a provider of cybersecurity & forensics consulting and certification training, has presented computer security, cyber security and forensics lectures, conference presentations, training events and seminars all across the United States, Asia and Europe. He has over 40 years’ experience in Computer Security, Cyber Security, Software Development and Communications Equipment Operations & Maintenance; Primary focus areas include computer security, information operations & assurance, incident response & forensics investigations, software system development life cycle focused on testing of systems, systems engineering and integration activities, database administration and cyber defense activities.
Affiliations and expertise
CTO and Senior Security Engineer for Information Security and Forensics Management Team (ISFMT)Read Computer Incident Response and Forensics Team Management on ScienceDirect