Incident Response

Incident Phase
1. Preparation
  1. CSIRT
    Annotations:
    - * Establish and maintains the incident response plan * Make sure the team members understand the plan Test the plan Get management approve to the plan
  2. Detection And Analysis
    1. Incident Analysis
    2. Containment, Eradication, Recovery
      1. Containment: Isolate the infected system
      2. Eradication: Eradicate the system
      3. Recovery: After remedition recover all the system
      4. Post-Incident Follow up
Disaster Recovery
1. Types
  1. Natural Disasters
  2. Human- Caused
2. Disaster Recovery Plans(DRP)
3. Disaster Recovery Controls
  1. Preventing Controls
  2. Detective Controls
  3. Corrective Controls
4. Test/Trainings
  1. Table Top
  2. Functional test
  3. Operational
Business Cont Plan
1. Business Cont Planning
  1. RTO - Recovery Time Objective
  2. RPO - Recovery Point Objective
  3. MTTR- Mean TIme To Repair
  4. Mean Time Between Failures
2. Business Cont Considarations
Digital Forensics
1. Evidence
  1. Identifying and acquiring
    1. Data Acquisition
      1. System Images
      2. Network Traffic and logs
      3. Surveillance Videos
      4. Hashes Or Checksums
      5. photos of scene
      6. Witness interveiwed
  2. Protecting and Storing
  3. Chain Of Custody
2. Digital Forensic Devices
  1. leave in the current power state
  2. Disconnect from Network
  3. Refrain from opening file or applications
3. Order Of volatility
  1. CPU storage
    1. Process and Routing tables
      1. Kernel Operations
        System Storage
        Temp Files
        Fixed media
        Removable devices
        Tape/DVD/Paper

Next up

Incident Response

Description

Resource summary

Similar

	Created by Hisham Haneefa over 2 years ago