Online Courses
Cyber Incident Response

Containment tools and techniques

Common containment tools

  • Packet sniffers
  • Forensics tools
  • Endpoint management tools
  • Network and infrastructure equipment

Forensics tools

  • Check memory, network traffic and hosts for signs of compromise
  • Sometimes these tools are best used to verify that a device is actually infected

Endpoint management tools

  • Generally not security tools in their own right
  • Useful for quickly shutting down devices or removing them from the network
  • May also help in assessing whether a device is compromised

Network and infrastructure equipment

  • Aid in traffic isolation
  • May be able to "disconnect" a device from the network without physically unplugging it
  • Route traffic to sandboxes or research DMZs for observation


Last updated 8 months ago