Part I: Overview§Ch. 1: Case Study§Ch. 2: The Incident Response Process§Ch. 3: Preparing for Incident Response Part II: Data Collection§Ch. 4: Data Collection From Windows§Ch. 5: Data Collection from Unix§Ch. 6: Forensic Duplication§Ch. 7: Network Traffic Collection§Ch. 8: Data Collection from Other Sources§Ch. 9: Evidence Handling Part III: Forensic Analysis§Ch. 10: Physical Analysis§Ch. 11: Data Analysis§Ch. 12: Analysis of Windows Systems§Ch. 13: Unix Part IV: Analysis of Other Evidence§Ch. 14: Investigation of Routers§Ch. 15: Investigation of Web Servers§Ch. 16:Investigation of Application Servers§Ch. 17: Analysis of Network Traces§Ch. 18: Investigating Hacker Tools Part V: Remediation§Ch. 19: Reporting and Documentation§Ch. 20: Developing an Incident Response Plan§Ch. 21: Establishing Identify in Cyberspace§Ch. 22: Data Recovery ukryj opis