The order of volatility for data from most volatile to least volatile is: cache memory, regular RAM, swap or paging file, hard drive data, logs stored on remote systems, and archived media.
Category: Incident Management and Response
What is the Cyber Kill Chain®?
The Lockheed Martin Cyber Kill Chain® method is the core of our Intelligence Driven Defense—our differentiator in the battle against advanced persistent threats. Experienced analysts monitor activities of cyberattackers during an event, record the information and use it to defend against them. They establish patterns of behavior and share that intelligence across domains to protect—proactively […]
Sample Incident Handling Forms
https://www.sans.org/score/incident-forms
Incident Response Methodology: The OODA Loop
Developed by US Air Force military strategist John Boyd, the OODA loop stands for Observe, Orient, Decide, and Act. Imagine you’re a pilot in a dogfight. You need a tool to determine the best way to act as quickly as possible when you’re under attack. It’s a useful analogy when applied to an incident response […]
What skills are needed for Incident Response?
Security Analysis is detective work – while other technical work pits you against your own knowledge of the technology, Security Analysis pits you against an unknown and anonymous person’s knowledge of the technology. Detective work is full of false leads, dead ends, bad evidence, and unreliable witnesses – you’re going to learn to […]
What’s the Goal of an Incident Response Team?
The incident response team’s goal is to coordinate and align key resources and team members during a cyber security incident to minimize impact and restore operations as quickly as possible. This includes the following critical functions: investigation and analysis, communications, training, and awareness as well as documentation and timeline development. Determine and document the scope, […]
Who’s on the Incident Response Team?
Team Leader – Drives and coordinates all incident response team activity and keeps the team focused on minimizing damage and recovering quickly. Lead Investigator – Collects and analyzes all evidence, determines root cause, directs the other security analysts, and implements rapid system and service recovery. Communications Lead – Leads the effort on messaging and communications for […]