Intrusion Analysis and Incident Handling
In this chapter you will learn how to
• Prepare to handle an incident
• Identify, triage, and analyze suspicious behavior that may indicate an ongoing incident
• Contain and eradicate an attack
• Recover affected assets to business as usual (BAU)
Incident Handling Introduction
Various frameworks are used for intrusion handling and incident response. A few of the most common are the Cyber Kill Chain and the Diamond Model, but the one used most often is based on National Institute of Standards and Technology (NIST) SP 800-61 Revision 2.