000			02156nam a2200217 4500
005			20250714145433.0
008			250714b2020|||||||| |||| 00| 0 eng d
020			_a9781119560289
041			_aEnglish
082			_a658.4038
100			_aAnson, Steve _eAuthor _96479
245			_aApplied incident response
260			_aNew Jersey: _bWiley Data and Cybersecurity, _c2020.
300			_axxii, 439p.
500			_aIncident response is critical for the active defense of any network, and incident responders need up-to-date, immediately applicable techniques with which to engage the adversary. Applied Incident Response details effective ways to respond to advanced attacks against local and remote network resources, providing proven response techniques and a framework through which to apply them. As a starting point for new incident handlers, or as a technical reference for hardened IR veterans, this book details the latest techniques for responding to threats against your network, including: Preparing your environment for effective incident response Leveraging MITRE ATT&CK and threat intelligence for active network defense Local and remote triage of systems using PowerShell, WMIC, and open-source tools Acquiring RAM and disk images locally and remotely Analyzing RAM with Volatility and Rekall Deep-dive forensic analysis of system drives using open-source or commercial tools Leveraging Security Onion and Elastic Stack for network security monitoring Techniques for log analysis and aggregating high-value logs Static and dynamic analysis of malware with YARA rules, FLARE VM, and Cuckoo Sandbox Detecting and responding to lateral movement techniques, including pass-the-hash, pass-the-ticket, Kerberoasting, malicious use of PowerShell, and many more Effective threat hunting techniques Adversary emulation with Atomic Red Team Improving preventive and detective controls
650			_aAcquiring Memory and Disk Imaging _96480
650			_aNetwork Security Monitoring _96481
650			_aMalware Analysis and Disk Forensics _96482
856			_uhttps://ieeexplore.ieee.org/servlet/opac?bknumber=9820823
942			_cEB
999			_c1610 _d1610