search

Eradication tools and techniques

hashtag
What tools are used for eradication?

  • Imaging software and backup software

  • Antivirus

  • Vulnerability scanners, port scanners, etc.

  • Patch management tools

hashtag
Imaging software and backup software

Needed to restore computer images back to clean state

Verify accessibility of backup images

Consult with DR/BCP for times to recovery, e.g. MTTR, RPO may be useful

hashtag
Antivirus

Will need to check restored systems to verify any infections are eradicated

If there are new malware signatures, scan images as well

Sometimes the first round of effort to eradicate fails

  • Devices might get missed the first time

hashtag
Vulnerability scanners/port scanners

See if root cause vulnerabilities still exist

Sometimes, specific open ports are signs of infection

PreviousNotificationNextIncident recovery

Last updated