CHAPTER 2

Intrusion Analysis and Incident Handling

In this chapter you will learn how to

•   Prepare to handle an incident

•   Identify, triage, and analyze suspicious behavior that may indicate an ongoing incident

•   Contain and eradicate an attack

•   Recover affected assets to business-as-usual (BAU) operation

Incident Handling Introduction

Various frameworks are used for intrusion handling and incident response. Among the most common are the Cyber Kill Chain and the Diamond Model, but the process used most often is the one described in National Institute of Standards and Technology (NIST) SP 800-61 Revision 2.

EXAM TIP   Although you don’t necessarily need to be familiar with ...

Get GCIH GIAC Certified Incident Handler All-in-One Exam Guide now with O’Reilly online learning.
