Online Courses
Cyber Incident Response

Incident eradication


Last updated 8 months ago

Eradication

Deals with the actual cleaning, removing or re-imaging of systems

Documentation is key

Should work from documented and approved steps

  • Don't lean into your own understanding!

Preventative methods can be improved here

Scanning of restored or re-imaged systems to ensure infections are gone

Main goal is to make sure the threat is completely removed

Cleaning, wiping and restoration

Cleaning should be a defined process

Re-imaging may not be enough

  • BIOS rootkits, boot sector malware, etc. survive a wipe of the OS partition

Define which role is responsible for "cleaning"

Use original disk images

Remember to patch back up to latest

Remember to check images

  • Are they compromised as well?
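The "check images" step above can be made a repeatable control rather than a reminder: record a hash manifest when a golden image is built, and refuse to restore from an image whose digest no longer matches. The script below is an added example and is not part of the course material; it assumes a manifest in `sha256sum` style ("digest  filename", two spaces) and uses constructed sample images in a temporary directory. A hash check only catches tampering with the stored image files; it does not address firmware or boot-sector persistence on the target hardware, which is why the notes say re-imaging may not be enough.

```python
"""Verify golden images against a known-good SHA-256 manifest before re-imaging.

Added example (not the course's own code). Assumes the manifest was captured
when the images were built and is stored somewhere the attacker could not
reach (e.g. offline or in a separate, write-protected location).
"""
import hashlib
import tempfile
from pathlib import Path

CHUNK = 1024 * 1024  # hash large image files in 1 MiB chunks


def sha256_file(path):
    """Stream a file through SHA-256 without loading it fully into memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(CHUNK), b""):
            h.update(chunk)
    return h.hexdigest()


def parse_manifest(text):
    """Parse 'digest  filename' lines (sha256sum format) into {name: digest}.

    Blank lines and '#' comments are ignored; anything else malformed is an
    error, because a silently skipped entry would mean an unchecked image.
    """
    expected = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        digest, _, name = line.partition("  ")
        if len(digest) != 64 or not name:
            raise ValueError(f"malformed manifest line: {line!r}")
        expected[name] = digest.lower()
    return expected


def verify_images(image_dir, manifest_text):
    """Compare every image in image_dir against the manifest.

    Returns a dict with four sorted lists:
      ok         - present and digest matches
      missing    - in the manifest but not on disk
      modified   - on disk but digest differs (do NOT restore from these)
      unexpected - on disk but not in the manifest (unknown provenance)
    """
    expected = parse_manifest(manifest_text)
    image_dir = Path(image_dir)
    present = {p.name for p in image_dir.iterdir() if p.is_file()}
    ok, missing, modified = [], [], []
    for name, digest in expected.items():
        if name not in present:
            missing.append(name)
        elif sha256_file(image_dir / name) == digest:
            ok.append(name)
        else:
            modified.append(name)
    return {
        "ok": sorted(ok),
        "missing": sorted(missing),
        "modified": sorted(modified),
        "unexpected": sorted(present - expected.keys()),
    }


def demo():
    """Constructed scenario: one good image, one tampered, one missing, one stray."""
    with tempfile.TemporaryDirectory() as d:
        good = b"GOLDEN-WORKSTATION-IMAGE-v1"          # constructed content
        (Path(d) / "ws-base.img").write_bytes(good)
        (Path(d) / "srv-base.img").write_bytes(b"tampered content")
        (Path(d) / "stray.img").write_bytes(b"no manifest entry")
        manifest = "\n".join([
            "# golden image manifest (constructed for this example)",
            f"{hashlib.sha256(good).hexdigest()}  ws-base.img",
            f"{hashlib.sha256(b'GOLDEN-SERVER-IMAGE-v1').hexdigest()}  srv-base.img",
            f"{hashlib.sha256(b'GOLDEN-DB-IMAGE-v1').hexdigest()}  db-base.img",
        ])
        return verify_images(d, manifest)


if __name__ == "__main__":
    for status, names in demo().items():
        print(f"{status:<10} {', '.join(names) or '-'}")
```

Only images in the `ok` list should be used for restoration; anything in `modified` or `unexpected` needs its own investigation, since a tampered golden image would re-introduce the compromise on every rebuilt host.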

Cloud considerations

You no longer have physical access

"Sanitize" will have a different meaning

"Eradicate" may have a different meaning

Re-imaging could be easier

Communicate with the CSP (cloud service provider) during the preparation phase, before an incident occurs

Attachment: Incident Response Stage 5: Eradication.pdf (10MB)