Incident Responders can benefit from the books in order to obtain theoretical and practical information about the steps to be applied while responding to the incident. In this article, brief information will be given about 3 different books written about the incident response:
Title: Incident Response & Computer Forensics
Target Audience: SOC Analyst Tier 2
Authors: Jason T. Luttgens, Matthew Pepe and Kevin Mandia
About the book: The real-world cases are first described at the beginning of the book. In the following chapters, how the incident response management should be conducted and the stages that consist of incident response according to sample cases. After all the incident response steps are explained in detail under separate sections, information gathering on the target machine is explained. What log records can be obtained from Windows, Linux, and MAC OS operation systems are mentioned. The importance of creating a report as a result of incident response was covered as well.
Title: Applied Incident Response
Target Audience: SOC Analyst (Tier 2,3)
Level: Medium / Expert
Authors: Steve Anson
About the book: The book explains some theoretical concepts at first. The attacker’s motivation and techniques are detailed along with these theoretical concepts. In the following sections, information is given about what preparations should be completed and how to take action when a case is encountered. In the following sections, topics such as memory analysis, disk analysis, and log collection/analysis are included.
Title: Incident Response with Threat Intelligence: Practical insights into developing an incident response capability through intelligence-based threat hunting
Target Audience: SOC Analyst (Tier 1,2,3)
Level: Beginner / Medium
Authors: Roberto Martínez
About the book: In the first part of the book, the motivation of the attackers and the threats to future technologies (Drones, IoT devices, autonomous vehicles, etc.) are mentioned. In the following sections, information is given about the details of the stages of incident response processes. Information was given about the threat actors. MITRE ATT&CK Framework is explained. In the following sections, how cyber threat intelligence is used in incident response processes is explained. Incident response plan preparation and incident response together with SOAR are some of the topics covered in the book. In general, the book explains the processes in incident response with up-to-date technologies.