Chapter 12: Incident Containment, Eradication, and Recovery
This chapter covers the critical incident handling steps that must be taken once an incident has been detected, confirmed, and analyzed. By this stage, the intrusion should have been fully examined, the scope of the compromise established, and the threat actor's tactics, techniques, and procedures (TTPs), along with the infrastructure they used, identified.
We will start by discussing how critical it is to isolate the affected systems in order to prevent further damage and stop the attacker's progress toward their final goal. We will then explain the importance of both the obvious and the less visible aspects of containment: its timing, its scope, and its limitations. Incident containment is the first step that minimizes the impact on the organization. ...
Get Incident Response for Windows now with the O’Reilly learning platform.