
Cybersecurity Incident Response: How to Contain, Eradicate, and Recover from Incidents by Eric C. Thompson


© Eric C. Thompson 2018
Eric C. Thompson, Cybersecurity Incident Response, https://doi.org/10.1007/978-1-4842-3870-7_9

9. Eradication, Recovery, and Post-incident Review

Eric C. Thompson (Lisle, Illinois, USA)
 

Eradication is the process of removing all the remnants of a cyberattack. It begins once the systems known to be compromised can be taken offline. Eradication covers removing files and reversing the registry and configuration changes that malware and attackers made during the attack. Once all the affected machines are identified and isolated and forensic backups are completed, the company can address the weaknesses the attackers exploited: vulnerabilities are patched and insecure configurations are repaired. In ...
