Chapter 22: Security Incident Response and Forensics

📖 Key Topics Covered

▸ Security Incident Response
▸ Advanced Incident Response
▸ Network Forensics with Packet Capture
▸ Memory Forensics
▸ Disk Forensics
▸ Threat Hunting
▸ Threat Hunting Process
▸ Chapter Summary
▸ Review Questions
▸ John the Ripper
▸ Display only DNS traffic
▸ P A R T I X
▸ Building a Cybersecurity

🔑 Key Terms

Discovery Hypothesis Improvement Investigation Response

See the full definitions in the Glossary and test yourself with Flashcards.

Assessment Tips

💡 Assessment Tip

Threat hunting is proactive (looking for threats before they cause damage), while incident response is reactive (responding after a threat is detected). Know that threat hunting starts with a hypothesis and uses tools like SIEM queries and log analys

🧪 Hands-On Lab

This chapter includes Lab 10 in Appendix E. View lab setup guide →

← Chapter 21 All Chapters Chapter 23 →