Digital Forensics and Incident Response

Incident response tools and techniques for effective cyber threat response

Gerard Johansen

BIRMINGHAM—MUMBAI

Digital Forensics and Incident Response

Copyright © 2022 Packt Publishing

All rights reserved. No part of this book may be reproduced, stored in a retrieval system, or transmitted in any form or by any means, without the prior written permission of the publisher, except in the case of brief quotations embedded in critical articles or reviews.

Every effort has been made in the preparation of this book to ensure the accuracy of the information presented. However, the information contained in this book is sold without warranty, either express or implied. Neither the author, nor Packt Publishing or its dealers and distributors, will be held liable for any damages caused or alleged to have been caused directly or indirectly by this book.

Packt Publishing has endeavored to provide trademark information about all of the companies and products mentioned in this book by the appropriate use of capitals. However, Packt Publishing cannot guarantee the accuracy of this information.

Group Product Manager: Mohd Riyan Khan

Publishing Product Manager: Prachi Sawant

Senior Editor: Athikho Sapuni Rishana

Technical Editor: Nithik Cheruvakodan

Copy Editor: Safis Editing

Project Coordinator: Ashwin Kharwa

Proofreader: Safis Editing

Indexer: Manju Arasan

Production Designer: Nilesh Mohite

Marketing Coordinator: Ankita Bhonsle

First published: July 2017

Second edition: January 2020

Third Edition: December 2022

Production reference: 1181122

Published by Packt Publishing Ltd.

Livery Place

35 Livery Street

Birmingham

B3 2PB, UK.

ISBN 978-1-80323-867-8

www.packt.com

Contributors

About the author

Gerard Johansen is an incident response professional with over 15 years of experience in threat intelligence, incident response, and digital forensics. Beginning his information security career as a cybercrime investigator, he has built on that experience while working as a consultant and security analyst for clients and organizations ranging from healthcare to finance. Gerard is a graduate of Norwich University’s Master of Science in Information Assurance program and holds several industry certifications in digital forensics, threat intelligence, and cyber security. He currently manages a team of incident-handling specialists in an industry-leading managed detection and response firm servicing a variety of organizations.

To my wife and children: thank you for your patience during this project. To all the cyber security and digital forensic professionals that I have met and learned from over the past 15 years, your skills, dedication, and generosity have made this possible. Finally, to the editors and staff at Packt Publishing for their professionalism and focus on bringing this project to fruition.

About the reviewer

Dr. Akash Thakar is a Certified Ethical Hacker, Computer Hacking Forensic Investigator, and Certified EC-Council Instructor, having sound knowledge of digital forensics and incident response. He is working as an assistant professor at Rashtriya Raksha University, Gandhinagar, India. He has completed his Ph.D. in forensic science from Gujarat University, Ahmedabad, India. He has taught various subjects to the students of UG and PG courses, such as computer forensics, network forensics, malware analysis, advanced digital forensics, and memory forensics. His research area is digital forensic investigation process and memory forensics.