Player FMアプリでオフラインにしPlayer FMう!
Episode 4 - NIST SP 800-61 Computer Security Incident Handling Guide (Containment,Eradication and Recovery)
Manage episode 422317233 series 3578563
Show Notes: Episode on Containment, Eradication, and Recovery
In this episode of Traffic Light Protocol, Clint Marsden explores the containment, eradication, and recovery phases of the NIST SP 800-61 framework for computer security incident handling.
Key Topics Covered:
- Containment Strategies: Choosing appropriate containment methods based on the incident type, potential damage, service availability, and evidence preservation. Examples include power disconnection and network isolation.
- Real-World Example: Clint shares an incident response case where premature action against attackers led to a total domain takeover.
- Evidence Gathering and Handling: The use of tools like write blockers to preserve evidence integrity.
- Threat Analysis: Highlights passive techniques for analysing threats without alerting attackers, such as remote log analysis and OPSEC to track attackers
- Restoration and Recovery: Covers steps to restore systems to normal operations, including vulnerability patching, backup restoration, and password resets.
- Future Considerations: Suggests engaging with external vendors for comprehensive incident response and utilizing threat intelligence platforms.
Join Clint Marsden as he guides you through the intricacies of incident response, helping you enhance your digital forensics skills. Follow Clint Marsden on LinkedIn (https://www.linkedin.com/in/clintmarsden/) and TLP on Linked In https://www.linkedin.com/company/traffic-light-protocol-the-digital-forensics-podcast-tlp for more updates and insights.
16 つのエピソード
Manage episode 422317233 series 3578563
Show Notes: Episode on Containment, Eradication, and Recovery
In this episode of Traffic Light Protocol, Clint Marsden explores the containment, eradication, and recovery phases of the NIST SP 800-61 framework for computer security incident handling.
Key Topics Covered:
- Containment Strategies: Choosing appropriate containment methods based on the incident type, potential damage, service availability, and evidence preservation. Examples include power disconnection and network isolation.
- Real-World Example: Clint shares an incident response case where premature action against attackers led to a total domain takeover.
- Evidence Gathering and Handling: The use of tools like write blockers to preserve evidence integrity.
- Threat Analysis: Highlights passive techniques for analysing threats without alerting attackers, such as remote log analysis and OPSEC to track attackers
- Restoration and Recovery: Covers steps to restore systems to normal operations, including vulnerability patching, backup restoration, and password resets.
- Future Considerations: Suggests engaging with external vendors for comprehensive incident response and utilizing threat intelligence platforms.
Join Clint Marsden as he guides you through the intricacies of incident response, helping you enhance your digital forensics skills. Follow Clint Marsden on LinkedIn (https://www.linkedin.com/in/clintmarsden/) and TLP on Linked In https://www.linkedin.com/company/traffic-light-protocol-the-digital-forensics-podcast-tlp for more updates and insights.
16 つのエピソード
すべてのエピソード
×プレーヤーFMへようこそ!
Player FMは今からすぐに楽しめるために高品質のポッドキャストをウェブでスキャンしています。 これは最高のポッドキャストアプリで、Android、iPhone、そしてWebで動作します。 全ての端末で購読を同期するためにサインアップしてください。