Online Courses
Cyber Incident Response

Cleanup and verification

During incident response, processes, tools and other changes will have been put in place

All of them need to be removed and cleaned up

Host-based tools

Sometimes these tools can be disruptive

They must be removed to return completely to normal operations

  • This may need revisiting in recovery

Network changes

  • Span port changes

  • Routing changes

  • Network monitoring changes

All of these need to be undone

Some systems may have been shut down

Restart systems that were shut down

Consider impact of bringing these systems back up

Consider the order in which systems are brought back up
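
An added example (not from the course material) of working out the restart order: systems come back in waves so that each one starts only after what it depends on, and anything whose dependency is neither running nor restartable is held back. The host names, the dependency map and the `restart_plan` function are assumptions made for illustration.

```python
from graphlib import TopologicalSorter

# Constructed sample: systems shut down during the incident, each mapped to
# the systems that must be running before it starts (hypothetical names).
SHUT_DOWN = {
    "dns01": [],
    "dc01": ["dns01"],
    "db01": ["dc01"],
    "mail01": ["dc01", "fw01"],
    "app01": ["db01"],
    "web01": ["app01"],
    "file01": ["dc01", "backup01"],  # backup01 appears in neither set
}
STILL_RUNNING = {"fw01"}  # constructed: stayed up throughout


def restart_plan(shut_down, still_running):
    """Return (waves, blocked) for the systems that were shut down.

    waves:   lists of systems; a wave starts once all earlier waves are up.
    blocked: system -> dependencies that are neither running nor restartable.
    """
    blocked = {}
    changed = True
    while changed:  # a system that depends on a blocked system is blocked too
        changed = False
        for system, deps in shut_down.items():
            if system in blocked:
                continue
            missing = [d for d in deps if d in blocked
                       or (d not in shut_down and d not in still_running)]
            if missing:
                blocked[system] = missing
                changed = True
    graph = {s: [d for d in deps if d in shut_down]
             for s, deps in shut_down.items() if s not in blocked}
    sorter = TopologicalSorter(graph)
    sorter.prepare()  # raises CycleError (a ValueError) on circular dependencies
    waves = []
    while sorter.is_active():
        ready = sorted(sorter.get_ready())
        waves.append(ready)
        sorter.done(*ready)
    return waves, blocked


if __name__ == "__main__":
    waves, blocked = restart_plan(SHUT_DOWN, STILL_RUNNING)
    print("start order:", waves)
    print("on hold:", blocked)
```

Systems listed as on hold are the ones whose impact needs a decision before they are brought back, since something they rely on is not yet available.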


Last updated 9 months ago