Preparing for Incident Response in Virtual Space

A first responder’s job is tough. The sheer number of ways a system or network can be configured makes it hard enough. Add virtualization to the mix and there is plenty to make your head spin, and that is before the toolbox is even pulled out. As a response strategy is being formulated, it is imperative that the analyst understand the environment. Some critical questions that need answering right away might include these:

  • What is the scope of the network?
  • How is the environment configured?
  • Which machines have been compromised?
  • What are their roles and where are they?

Given what we already know about how virtual environments exist, whether host or server based, would it be safe to assume that ...

Get Mastering Windows Network Forensics and Investigation, 2nd Edition now with the O’Reilly learning platform.
