Chuyển sang chế độ ngoại tuyến với ứng dụng Player FM !
Episode 4 - NIST SP 800-61 Computer Security Incident Handling Guide (Containment,Eradication and Recovery)
Manage episode 422317233 series 3578563
Show Notes: Episode on Containment, Eradication, and Recovery
In this episode of Traffic Light Protocol, Clint Marsden explores the containment, eradication, and recovery phases of the NIST SP 800-61 framework for computer security incident handling.
Key Topics Covered:
- Containment Strategies: Choosing appropriate containment methods based on the incident type, potential damage, service availability, and evidence preservation. Examples include power disconnection and network isolation.
- Real-World Example: Clint shares an incident response case where premature action against attackers led to a total domain takeover.
- Evidence Gathering and Handling: The use of tools like write blockers to preserve evidence integrity.
- Threat Analysis: Highlights passive techniques for analysing threats without alerting attackers, such as remote log analysis and OPSEC to track attackers
- Restoration and Recovery: Covers steps to restore systems to normal operations, including vulnerability patching, backup restoration, and password resets.
- Future Considerations: Suggests engaging with external vendors for comprehensive incident response and utilizing threat intelligence platforms.
Join Clint Marsden as he guides you through the intricacies of incident response, helping you enhance your digital forensics skills. Follow Clint Marsden on LinkedIn (https://www.linkedin.com/in/clintmarsden/) and TLP on Linked In https://www.linkedin.com/company/traffic-light-protocol-the-digital-forensics-podcast-tlp for more updates and insights.
16 tập
Manage episode 422317233 series 3578563
Show Notes: Episode on Containment, Eradication, and Recovery
In this episode of Traffic Light Protocol, Clint Marsden explores the containment, eradication, and recovery phases of the NIST SP 800-61 framework for computer security incident handling.
Key Topics Covered:
- Containment Strategies: Choosing appropriate containment methods based on the incident type, potential damage, service availability, and evidence preservation. Examples include power disconnection and network isolation.
- Real-World Example: Clint shares an incident response case where premature action against attackers led to a total domain takeover.
- Evidence Gathering and Handling: The use of tools like write blockers to preserve evidence integrity.
- Threat Analysis: Highlights passive techniques for analysing threats without alerting attackers, such as remote log analysis and OPSEC to track attackers
- Restoration and Recovery: Covers steps to restore systems to normal operations, including vulnerability patching, backup restoration, and password resets.
- Future Considerations: Suggests engaging with external vendors for comprehensive incident response and utilizing threat intelligence platforms.
Join Clint Marsden as he guides you through the intricacies of incident response, helping you enhance your digital forensics skills. Follow Clint Marsden on LinkedIn (https://www.linkedin.com/in/clintmarsden/) and TLP on Linked In https://www.linkedin.com/company/traffic-light-protocol-the-digital-forensics-podcast-tlp for more updates and insights.
16 tập
Tất cả các tập
×Chào mừng bạn đến với Player FM!
Player FM đang quét trang web để tìm các podcast chất lượng cao cho bạn thưởng thức ngay bây giờ. Đây là ứng dụng podcast tốt nhất và hoạt động trên Android, iPhone và web. Đăng ký để đồng bộ các theo dõi trên tất cả thiết bị.