Blue Team Handbook: Incident Response, 3rd Edition: A condensed field guide for the Cyber Security Incident Responder.

New  $49.95

Product details

Management number 219220172 Release Date 2026/05/03 List Price $19.98 Model Number 219220172

BTHb:INRE - Version 3.0 now available. This is a comprehensive update and expansion. There are about 174 new pages over Version 2.2, with 185% more content to guide you on your cyber incident response journey.

The Blue Team Handbook is still a "zero fluff" reference guide for cyber security incident responders, security engineers, system admins, and InfoSec pros alike.

Main topics include the incident response process, how to integrate MITRE ATT&CK into IR, how attackers operate, common tools and techniques adversaries use, and tools and scripts for incident response on both Linux and Windows 10+ and on the network. Version 3 has significant coverage of using PowerShell on Windows 11, with code focused on the IR process. Windows and Linux analysis processes are covered, including quick response material for using Volatility 3, collecting triage images, and more.

There is an updated chapter presenting a methodology for network analysis, common indicators of compromise, tshark and tcpdump usage examples, Snort IDS usage, packet header reference charts, and numerous other quick reference topics.

The book is designed specifically to share "real life experience" from a cyber defender with over 20 years of experience. It is peppered with practical techniques from the author's extensive career in handling incidents, running an MSSP and a Cyber range, and working at two leading software manufacturers and in the Fortune 50.

Whether you are writing up your case notes, analyzing potentially suspicious traffic, or called in to look over a misbehaving server, this book should help you handle the case and teach you some new techniques along the way.

Reading it is like sitting across a great desert with an aromatic cup of coffee or tea with a Cyber Defense Expert.

Version 3.0 updates:
- Every chapter was expanded and enhanced.
- A new chapter was added to focus on incident response skills.
- A new chapter with 40 pages of PowerShell code.
- A chapter with details on using a modern EDR system, Sentinel One.

BTHb INRE is used in a few college programs and some military cyber ed programs as well. The BTHb Series is mentioned in several SANS Institute courses.

Note: This is the self-published version of the same title published by O'Reilly. The self pub edition includes hand drawn art from the other Blue Team Handbooks, while the OR version does not. The technical content is identical to the O'Reilly edition.

Voted #3 of the 100 Best Cyber Security Books of All Time by Vinod Khosla, Tim O'Reilly and Marcus Spoons Stevens on BookAuthority.com as of 06/09/2018!

Version 3.01 - released 2/14/26: Code formatting updated so it is more readable on the printed page, information about NTFS MAC times, one regulatory reference updated, several of the PowerShell scripts had minor enhancements, and a bug in one script was corrected.

ISBN13 979-8264885679
Language English
Publisher Independently published
Dimensions 7 x 0.8 x 10 inches
Book 1 of 3 Blue Team Handbook
Item Weight 1.69 pounds
Print length 351 pages
Publication date December 15, 2025
