The Digital Forensics Guide for the Network Engineer
· Understand the realities of cybercrime and today’s attacks
· Build a digital forensics lab to test tools and methods, and gain expertise
· Take the right actions as soon as you discover a breach
· Determine the full scope of an investigation and the role you’ll play
· Properly collect, document, and preserve evidence and data
· Collect and analyze data from PCs, Macs, IoT devices, and other endpoints
· Use packet logs, NetFlow, and scanning to build timelines, understand network activity, and collect evidence
· Analyze iOS and Android devices, and understand encryption-related obstacles to investigation
· Investigate and trace email, and identify fraud or abuse
· Use social media to investigate individuals or online identities
· Gather, extract, and analyze breach data with Cisco tools and techniques
· Walk through common breaches and responses from start to finish
· Choose the right tool for each task, and explore alternatives that might also be helpful
The professional’s go-to digital forensics resource for countering attacks right now
Today, cybersecurity and networking professionals know they can’t possibly prevent every breach, but they can substantially reduce risk by quickly identifying and blocking breaches as they occur. Investigating the Cyber Breach: The Digital Forensics Guide for the Network Engineer is the first comprehensive guide to doing just that.Writing for working professionals, senior cybersecurity experts Joseph Muniz and Aamir Lakhani present up-to-the-minute techniques for hunting attackers, following their movements within networks, halting exfiltration of data and intellectual property, and collecting evidence for investigation and prosecution. You’ll learn how to make the most of today’s best open source and Cisco tools for cloning, data analytics, network and endpoint breach detection, case management, monitoring, analysis, and more.
Unlike digital forensics books focused primarily on post-attack evidence gathering, this one offers complete coverage of tracking threats, improving intelligence, rooting out dormant malware, and responding effectively to breaches underway right now.
This book is part of the Networking Technology: Security Series from Cisco Press®, which offers networking professionals valuable information for constructing efficient networks, understanding new technologies, and building successful careers.
Joseph Muniz is an architect at Cisco Systems and a security researcher. He has extensive experience in designing security solutions and architectures for the top Fortune 500 corporations and the U.S. government. Joseph’s current role gives him visibility into the latest trends in cybersecurity, from both leading vendors and customers. Examples of Joseph’s research include his RSA talk titled “Social Media Deception,” which has been quoted by many sources (search for “Emily Williams Social Engineering”), as well as his articles in PenTest Magazine regarding various security topics. Joseph runs The Security Blogger website, a popular resource for security, hacking, and product implementation. He is the author and contributor of several publications covering various penetration testing, certification, and security topics. You can follow Joseph at www.thesecurityblogger.com and @SecureBlogger.
Aamir Lakhani is a leading senior security strategist. He is responsible for providing IT security solutions to major enterprises and government organizations. Aamir creates technical security strategies and leads security implementation projects for Fortune 500 companies. Industries of focus include healthcare providers, educational institutions, financial institutions, and government organizations. He has designed offensive counter-defense measures for the Department of Defense and national intelligence agencies. He has also assisted organizations with safeguarding IT and physical environments from attacks perpetrated by underground cybercriminal groups. Aamir is considered an industry leader for creating detailed security architectures within complex computing environments. His areas of expertise include cyber defense, mobile application threats, malware management, Advanced Persistent Threat (APT) research, and investigations relating to the Internet’s dark security movement.