Diamond model

The Diamond Model of Intrusion Analysis is a methodology for describing intrusion events so that threats, including APT groups, and their specific attributes can be differentiated and compared. Each event is represented as a diamond with four vertices: Adversary, Infrastructure, Capability, and Victim.

The model maps the relationships between these four features: how an adversary develops or acquires a capability, deploys it over infrastructure, and uses it against a victim. Because every event is recorded on the same four vertices, an analyst can pivot from one feature to another (for example, from a piece of infrastructure to every capability seen on it) to link events and attribute them.

For example, take a simple malware attack. The Adversary uses a custom piece of malware; developing it gives them their Capability. The Adversary then uses that Capability to deploy the malware via a compromised web server, their Infrastructure. This connects to the Victim, where the ...
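The following is an added example, not code from the book, that puts the four vertices into a small data model and shows the pivoting step the model is used for: events that share a Capability (the malware) or Infrastructure (the compromised server) are linked into one activity thread, and a known Adversary on any event in the thread becomes the attribution hypothesis for the rest. The events, hashes, hostnames, RFC 5737 addresses and the adversary name "Adversary-1" are all constructed for illustration.

```python
from collections import defaultdict
from dataclasses import dataclass
from typing import Iterable, Optional

# Vertices on which two events may be linked. Victim is deliberately excluded:
# two unrelated adversaries can target the same victim, so a shared victim alone
# does not justify linking events.
LINK_FEATURES = ("adversary", "capability", "infrastructure")
UNKNOWN = "unknown"  # adversary is usually unknown when an event is first recorded


@dataclass(frozen=True)
class DiamondEvent:
    """One intrusion event, recorded on the four vertices of the diamond."""
    event_id: str
    adversary: str       # attributed actor, or UNKNOWN
    capability: str      # e.g. a malware hash or family
    infrastructure: str  # e.g. a C2 domain, IP, or compromised web server
    victim: str          # e.g. a host or organisation


# Constructed sample events (not from the book). E1 and E2 share malware, E2 and E3
# share infrastructure, and E3 is the only event with a known adversary. E4 shares
# only a victim with E1, which is not a link.
EVENTS = [
    DiamondEvent("E1", UNKNOWN,       "sha256:1111", "www.compromised.example.net", "host-fin-01"),
    DiamondEvent("E2", UNKNOWN,       "sha256:1111", "203.0.113.7",                  "host-hr-07"),
    DiamondEvent("E3", "Adversary-1", "sha256:2222", "203.0.113.7",                  "host-eng-03"),
    DiamondEvent("E4", UNKNOWN,       "sha256:3333", "198.51.100.9",                 "host-fin-01"),
]


def _is_link_value(feature: str, value: str) -> bool:
    # An unknown adversary is not a value to pivot on; it would link everything.
    return not (feature == "adversary" and value == UNKNOWN)


def pivot(events: Iterable[DiamondEvent], feature: str, value: str) -> list[str]:
    """Pivot on one vertex: return the ids of all events with `value` on `feature`."""
    if feature not in DiamondEvent.__dataclass_fields__:
        raise ValueError(f"not a diamond vertex: {feature}")
    return [e.event_id for e in events if getattr(e, feature) == value]


def activity_threads(events: list[DiamondEvent]) -> list[set[str]]:
    """Group events into threads by repeatedly pivoting on shared link features."""
    index: dict[tuple[str, str], set[str]] = defaultdict(set)
    by_id = {e.event_id: e for e in events}
    for e in events:
        for f in LINK_FEATURES:
            v = getattr(e, f)
            if _is_link_value(f, v):
                index[(f, v)].add(e.event_id)

    seen: set[str] = set()
    threads: list[set[str]] = []
    for e in events:
        if e.event_id in seen:
            continue
        thread: set[str] = set()
        stack = [e.event_id]
        while stack:  # depth-first walk over events connected by a shared vertex value
            eid = stack.pop()
            if eid in seen:
                continue
            seen.add(eid)
            thread.add(eid)
            ev = by_id[eid]
            for f in LINK_FEATURES:
                v = getattr(ev, f)
                if _is_link_value(f, v):
                    stack.extend(index[(f, v)] - seen)
        threads.append(thread)
    return sorted(threads, key=lambda t: min(t))


def infer_adversary(thread: set[str], events: Iterable[DiamondEvent]) -> Optional[str]:
    """Attribution hypothesis: the one known adversary in a thread, if exactly one."""
    by_id = {e.event_id: e for e in events}
    names = {by_id[eid].adversary for eid in thread} - {UNKNOWN}
    if len(names) > 1:
        # Two different known adversaries in one thread means a bad link somewhere,
        # such as shared commodity malware; the analyst must review, not guess.
        raise ValueError(f"conflicting adversaries in thread {sorted(thread)}: {sorted(names)}")
    return names.pop() if names else None


if __name__ == "__main__":
    print("events on 203.0.113.7:", pivot(EVENTS, "infrastructure", "203.0.113.7"))
    for t in activity_threads(EVENTS):
        print(sorted(t), "->", infer_adversary(t, EVENTS))
```

The attribution returned by `infer_adversary` is a hypothesis produced by pivoting, not a finding: the caveat coded into it is that shared commodity tooling or shared hosting can link events that belong to different actors, which is why a thread containing two different known adversaries is reported as a conflict rather than resolved automatically.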