Copyright
About the Authors
About the Technical Reviewers
Acknowledgments
Tell Us What You Think
Introduction
    Organization of this Book
    Conventions Used in This Book
Chapter 1. An Introduction to Incident Response
    What Is Incident Response?
    The Rationale for Incident Response
    Overview of Incident Response
    Summary
Chapter 2. Risk Analysis
    About Risk Analysis
    Types of Security-Related Risks
    Obtaining Data About Security-Related Incidents
    The Importance of Risk Analysis in Incident Response
    Summary
Chapter 3. A Methodology for Incident Response
    Rationale for Using an Incident Response Methodology
    A Six-Stage Methodology for Incident Response
    Caveats
    Summary
Chapter 4. Forming and Managing an Incident Response Team
    What Is an Incident Response Team?
    Why Form an Incident Response Team?
    Issues in Forming a Response Team
    About Managing an Incident Response Effort
    Summary
Chapter 5. Organizing for Incident Response
    Virtual Teams - Ensuring Availability
    Training the Team
    Testing the Team
    Barriers to Success
    External Coordination
    Managing Incidents
    Summary
Chapter 6. Tracing Network Attacks
    What Does Tracing Network Attacks Mean?
    Putting Attack Tracing in Context
    Tracing Methods
    Next Steps
    Constructing an "Attack Path"
    Final Caveats
    Summary
Chapter 7. Legal Issues
    U.S. Computer Crime Statutes
    International Statutes
    Search, Seizure, and Monitoring
    Policies
    Liability
    To Prosecute or Not?
    Conclusion
Chapter 8. Forensics I
    Guiding Principles
    Forensics Hardware
    Forensics Software
    Acquiring Evidence
    Examination of the Evidence
    Conclusions
Chapter 9. Forensics II
    Covert Searches
    Advanced Searches
    Encryption
    Home Use Systems
    UNIX and Server Forensics
    Conclusions
Chapter 10. Responding to Insider Attacks
    Types of Insiders
    Types of Attacks
    Preparing for Insider Attacks
    Detecting Insider Attacks
    Responding to Insider Attacks
    Special Considerations
    Special Situations
    Legal Issues
    Conclusion
Chapter 11. The Human Side of Incident Response
    Integration of the Social Sciences into Incident Response
    Part I: Cybercrime Profiling
    Part II: Insider Attacks
    Part III: Incident Victims
    Part IV: Human Side of Incident Response
    Summary
Chapter 12. Traps and Deceptive Measures
    About Traps and Deceptive Measures
    Advantages and Limitations of Traps and Deceptive Measures
    Focus: Honeypots
    Integrating Traps and Deceptive Measures into Incident Response
    Summary
Chapter 13. Future Directions in Incident Response
    Technical Advances
    Social Advances
    The Progress of the Profession
    The Nature of Incidents
    Conclusion
Appendix A. RFC-2196
    Site Security Handbook
Appendix B. Incident Response and Reporting Checklist