Preparing for Forensic Analysis

Chapter in: Information Security Planning

Abstract

This chapter is intimately linked with incident response. First you respond to an incident to contain it; then you must analyze it. It is important to find the root cause, or the criminal will return to your network (or, worse yet, never leave). While the incident response chapter focuses more on the business side of what is important, this chapter introduces the technical issues of how to find information and track it. It addresses three areas of expertise that must be exercised simultaneously during a forensic investigation: forensic analysis skills to select and analyze the forensic evidence, technical forensic skills to access the forensic evidence, and legal evidence skills to meet the legal requirements for authenticity and chain of custody.
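The authenticity and chain-of-custody requirements named in the abstract are, in practice, usually met by hashing evidence at acquisition time and keeping an append-only custody record that can itself be checked for tampering. The following Python is an added example written for this page, not code from the chapter or its author: the evidence file, the custodian names, the evidence identifier and the log format are all constructed for illustration, and the hash-chained log is one simple design rather than any legal standard.

```python
import hashlib
import json
import os
import tempfile
from datetime import datetime, timezone

# Added example, not from the chapter: evidence integrity by hashing plus a
# tamper-evident chain-of-custody log. Names, IDs and formats are assumptions.


def hash_file(path, algo="sha256", chunk_size=1 << 20):
    """Return the hex digest of a file, read in chunks so large images work."""
    h = hashlib.new(algo)
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(chunk_size), b""):
            h.update(chunk)
    return h.hexdigest()


class CustodyLog:
    """Append-only custody log; each entry commits to the previous entry's hash,
    so editing, deleting or reordering an earlier entry breaks verification."""

    def __init__(self):
        self.entries = []

    def record(self, evidence_id, action, custodian, file_hash, when=None):
        prev = self.entries[-1]["entry_hash"] if self.entries else "0" * 64
        entry = {
            "evidence_id": evidence_id,
            "action": action,
            "custodian": custodian,
            "file_hash": file_hash,
            "timestamp": (when or datetime.now(timezone.utc)).isoformat(),
            "prev_entry_hash": prev,
        }
        payload = json.dumps(entry, sort_keys=True).encode()
        entry["entry_hash"] = hashlib.sha256(payload).hexdigest()
        self.entries.append(entry)
        return entry["entry_hash"]

    def verify_chain(self):
        """Recompute every entry hash and link; False on any inconsistency."""
        prev = "0" * 64
        for e in self.entries:
            body = {k: v for k, v in e.items() if k != "entry_hash"}
            if body["prev_entry_hash"] != prev:
                return False
            expected = hashlib.sha256(
                json.dumps(body, sort_keys=True).encode()).hexdigest()
            if expected != e["entry_hash"]:
                return False
            prev = e["entry_hash"]
        return True


def verify_evidence(path, expected_hash):
    """Authenticity check: does the working copy still match the acquisition hash?"""
    return hash_file(path) == expected_hash


def demo():
    """Run the workflow on a constructed evidence file and report each outcome."""
    with tempfile.TemporaryDirectory() as d:
        evidence = os.path.join(d, "disk.img")
        with open(evidence, "wb") as f:
            f.write(b"constructed sample image bytes\x00" * 1024)  # constructed data
        acquired = hash_file(evidence)
        log = CustodyLog()
        log.record("EV-001", "acquired", "analyst A", acquired)
        log.record("EV-001", "transferred", "analyst B", hash_file(evidence))
        intact = verify_evidence(evidence, acquired)
        with open(evidence, "r+b") as f:  # simulate tampering with the copy
            f.seek(0)
            f.write(b"X")
        tampered_detected = not verify_evidence(evidence, acquired)
        chain_ok = log.verify_chain()
        log.entries[0]["custodian"] = "someone else"  # simulate editing the log
        chain_broken_detected = not log.verify_chain()
    return {"intact": intact, "tampered_detected": tampered_detected,
            "chain_ok": chain_ok, "chain_broken_detected": chain_broken_detected}


if __name__ == "__main__":
    print(demo())
```

A hash proves only that a copy is unchanged since the hash was taken, not that the acquisition itself was sound; the first log entry therefore belongs at acquisition time, made by the person who produced the image, and the log itself should be stored separately from the evidence it describes.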



Author information

Corresponding author: Susan Lincke.


Copyright information

© 2024 The Author(s), under exclusive license to Springer Nature Switzerland AG

About this chapter


Cite this chapter

Lincke, S. (2024). Preparing for Forensic Analysis. In: Information Security Planning. Springer, Cham. https://doi.org/10.1007/978-3-031-43118-0_16

Download citation

  • DOI: https://doi.org/10.1007/978-3-031-43118-0_16

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-031-43117-3

  • Online ISBN: 978-3-031-43118-0

  • eBook Packages: Computer Science (R0)
