Incident Response: Computer Forensics Toolkit

* Incident response and forensic investigation are the processes of detecting attacks and properly extracting evidence to report the crime and conduct audits to prevent future attacks
* This much-needed reference covers the methodologies for incident response and computer forensics, Federal Computer Crime law information and evidence requirements, legal issues, and working with law enforcement
* Details how to detect, collect, and eradicate breaches in e-mail and malicious code
* CD-ROM is packed with useful tools that help capture and protect forensic data; search volumes, drives, and servers for evidence; and rebuild systems quickly after evidence has been obtained

Table of Contents

Acknowledgments.

Introduction.

  Chapter 1: Computer Forensics and Incident Response Essentials.

  Chapter 2: Addressing Law Enforcement Considerations.

  Chapter 3: Forensic Preparation and Preliminary Response.

  Chapter 4: Windows Registry, Recycle Bin, and Data Storage.

  Chapter 5: Analyzing and Detecting Malicious Code and Intruders.

  Chapter 6: Retrieving and Analyzing Clues.

  Chapter 7: Procedures for Collecting and Preserving Evidence.

  Chapter 8: Incident Containment and Eradication of Vulnerabilities.

  Chapter 9: Disaster Recovery and Follow-Up.

  Chapter 10: Responding to Different Types of Incidents.

  Chapter 11: Assessing System Security to Prevent Further Attacks.

  Chapter 12: Pulling It All Together.

  Appendix A: What’s on the CD-ROM.

  Appendix B: Commonly Attacked Ports.

  Appendix C: Field Guidance on USA Patriot Act 2001.

  Appendix D: Computer Records and the Federal Rules of Evidence.

  Appendix E: Glossary.

  Index.