Incident Response for Windows - Book review

★★★★☆

Red and blue teaming are just two sides of the same coin, and as such I still try to read books, articles and technical projects that lean to the blue side of the table. This was the case for the latest book I finished: Incident Response for Windows: Adapt effective strategies for managing sophisticated cyberattacks targeting Windows systems by Anatoly Tykushin and Svetlana Ostrovskaya.

The book's table of contents is as follows:

1. Introduction to the Threat Landscape
2. Understanding the Attack Life Cycle
3. Phases of an Efficient Incident Response on Windows Infrastructure
4. Endpoint Forensic Evidence Collection
5. Gaining Access to the Network
6. Establishing a Foothold
7. Network and Key Assets Discovery
8. Network Propagation
9. Data Collection and Exfiltration
10. Impact
11. Threat Hunting and Analysis of TTPs
12. Incident Containment, Eradication, and Recovery
13. Incident Investigation Closure and Reporting

I feel that the book achieves what it sets out to deliver, with an information-rich and structured approach to describing modern Incident Response work through a holistic lens. The authors are both well versed in the field, and it shows in this book. I can highly recommend it as a read to anyone seeking to get into Incident Response, to junior technicians in the field, as well as to people in management roles. The book draws on a lot of well-known process and procedure frameworks and models, and the authors then provide real-world examples from their professional careers that help the reader better anchor the knowledge presented in the book. The examples themselves align with the experiences I've had myself through Incident Response work and Penetration testing of Windows environments. This book could well serve as a practical guideline for incident response teams in organizations that are looking to educate, upskill, or build better processes around their workflows.

For the very technical reader the book might be a tad short on practical and in-depth examples; this happened to be a feeling I had while reading the book. But I might pick up other titles from the same authors, as I know they have published a book about memory forensics. The title of that book promises more in-depth technical knowledge.

Amazon booklink

-> BirkeP

This post is licensed under CC BY 4.0 by the author.