How would your organisation cope with a cyber attack? Pinpoint and close vulnerabilities using effective computer forensics!

The primary purpose of computer forensics is to enable organisations to pinpoint where the malware has infected their computer systems and which files have been infected, so that they can close the vulnerability. More and more organisations have realised that they need to acquire a forensic capability to ensure they are ready to cope with an information security incident.



This pocket guide illustrates the technical complexities involved in computer forensics, and shows managers what makes the discipline relevant to their organisation. For technical staff, the book offers an invaluable insight into the key processes and procedures that are required.
Benefits to business include:

* Defend your company effectively against attacks
By developing a computer forensic capability, your organisation will be better prepared to defend itself in the event of a cyber attack. Surveys of the threat landscape have indicated a significant upswing of insider activity. Forensics within the organisation can be used to identify possible insider misuse of systems or information. In addition, this pocket guide looks at how you can optimise your IT infrastructure so as to enhance the efficiency of incident analysis. This will also minimise the operational impact on your computer systems in the event that a forensic analysis is required.
* Be proactive
Being proactive does not just mean making sure your organisation’s IT infrastructure is one that can support forensic analysis of incidents. Forensics is now no longer merely a tool to identify what has gone wrong: it can also be used as a mechanism for alerting you to the fact that something has gone wrong. Being proactive therefore implies stepping up your organisation’s ability to detect attacks. Detection of attacks is an extremely useful attribute for your organisation to have: the sooner you know about the problem, the sooner you can begin to deal with it.
* Secure evidence that will stand up in court
Undertaking forensics is not a simple task. It is not always possible to understand the true consequences of insider misuse until after completion of the investigation. Once the extent of the damage becomes clear, you may want to exercise the option of taking legal action against the perpetrator. This means that it is essential for you to follow correct procedure, so as to safeguard any evidence gathered. This book explains the key steps you need to take to maintain the integrity of the investigation and preserve the evidence.
* Counter encryption
Encryption is a double-edged sword. Encryption has a legitimate purpose as a tool deployed by information security professionals. However, the opportunity to conceal data has obvious attractions for the criminal, meaning that encryption is also a technique widely used by hackers. This book looks at how encryption is used to impede a forensic investigation, and examines ways of solving the problem. The most effective tactic for countering encryption is to locate the key material and crack the password that protects it, using a password cracker such as Cain & Abel.



Tools, techniques and procedures

The underground economy makes millions of pounds a year from cybercrime. Because no system or network can be completely secure, any sensible organisation will have mechanisms in place in advance to deal with the consequences of a cyber attack. Digital forensics assists companies and public sector organisations to identify how and where their computer systems have been abused.



The purpose of this pocket guide is to provide an introduction to the tools, techniques and procedures utilised within computer forensics. It is an easy to understand, introductory text, which gives an overview of the digital forensics domain, discussing procedural, technical and human-related aspects, without confiusing readers with technical jargon.