Chapter 4: Applying First Response Procedures

In this chapter, we will apply the concepts learned in the previous chapters in a practical way, using case scenarios based on cybersecurity incidents. As mentioned in the previous chapters, one of the main objectives of first-response procedures is to gather information that is useful for investigating a cybersecurity incident.

So, there are several things that we must ask ourselves based on the information we have on the case:

  • What are the possible sources of data?
  • What kind of technology is behind the device from which I should get the information?
  • How volatile is the data?
  • Can I take the device into custody if necessary, or is that device required for business continuity? ...
