Online Courses
Cyber Incident Response

Eradication tools and techniques

What tools are used for eradication?

  • Imaging software and backup software

  • Antivirus

  • Vulnerability scanners, port scanners, etc.

  • Patch management tools

Imaging software and backup software

Needed to restore affected computers to a known-clean image

Verify that the backup images are accessible and intact before they are needed, and that they predate the earliest evidence of compromise; restoring an image taken after the intrusion reintroduces it

Consult with DR/BCP on recovery-time targets; metrics such as MTTR (mean time to recovery) and RPO (recovery point objective, which bounds how old a restored image may be) are useful here
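The checks above (images present, hashes intact, image older than the compromise) as a runnable script. This is an added example, not material from the course page; it assumes a hypothetical manifest format of one "sha256  filename" line per image and a compromise time supplied by the investigation. The backup set it verifies is constructed in a temporary directory so the script runs offline.

```python
"""Verify that backup images needed for eradication are usable.

Added example (not from the course). Assumes a hypothetical manifest with
one "<sha256>  <image filename>" line per image, stored next to the images,
and a compromise time taken from the investigation timeline.
"""
import hashlib
import os
import tempfile
from datetime import datetime, timedelta, timezone
from pathlib import Path


def sha256_file(path: Path) -> str:
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(1 << 20), b""):
            h.update(chunk)
    return h.hexdigest()


def verify_images(manifest: Path, compromise_time: datetime) -> dict:
    """Return {image name: status} for every image listed in the manifest.

    status is one of: ok, missing, hash_mismatch, post_compromise.
    An image is only usable for eradication if it exists, matches its
    recorded hash, and was taken before the earliest sign of compromise.
    """
    results = {}
    for line in manifest.read_text().splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        expected, name = line.split(maxsplit=1)
        img = manifest.parent / name
        if not img.is_file():
            results[name] = "missing"
            continue
        if sha256_file(img) != expected:
            results[name] = "hash_mismatch"
            continue
        taken = datetime.fromtimestamp(img.stat().st_mtime, tz=timezone.utc)
        if taken >= compromise_time:
            results[name] = "post_compromise"
            continue
        results[name] = "ok"
    return results


def demo() -> dict:
    """Build a constructed backup set in a temp dir and verify it."""
    tmp = Path(tempfile.mkdtemp())
    compromise = datetime(2024, 3, 10, 12, 0, tzinfo=timezone.utc)  # constructed
    images = {  # constructed sample images: content and time taken
        "web01.img": (b"clean web image", compromise - timedelta(days=2)),
        "db01.img": (b"clean db image", compromise - timedelta(days=1)),
        "app02.img": (b"taken after intrusion", compromise + timedelta(hours=6)),
    }
    lines = []
    for name, (data, taken) in images.items():
        p = tmp / name
        p.write_bytes(data)
        ts = taken.timestamp()
        os.utime(p, (ts, ts))
        lines.append(f"{hashlib.sha256(data).hexdigest()}  {name}")
    # tampered image: on-disk content differs from what the manifest records
    (tmp / "file01.img").write_bytes(b"content on disk")
    lines.append(f"{hashlib.sha256(b'content in manifest').hexdigest()}  file01.img")
    # image listed in the manifest but never written to the backup location
    lines.append(f"{hashlib.sha256(b'never written').hexdigest()}  lost.img")
    manifest = tmp / "MANIFEST.sha256"
    manifest.write_text("\n".join(lines) + "\n")
    return verify_images(manifest, compromise)


if __name__ == "__main__":
    for name, status in demo().items():
        print(f"{name}: {status}")
```

Only images reported as ok should be used for restoration; a post_compromise image needs an older generation, and a hash_mismatch means the backup itself may have been tampered with and should be treated as evidence rather than restored.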

Antivirus

Scan the restored systems to verify that the infection has actually been eradicated

If new malware signatures were released during the incident, scan the backup images as well before restoring from them

Sometimes the first round of eradication fails

  • Devices might get missed the first time, so reconcile the hosts that were cleaned against the asset inventory and rescan

Vulnerability scanners/port scanners

Rescan to confirm that the root-cause vulnerability no longer exists on the restored systems, and on systems that were never infected but share the same weakness

Unexpected open ports are sometimes signs of infection (for example a listener left behind by a backdoor), so compare scan results against a known-good baseline for each host
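Both checks from this page, hosts that the first eradication round missed and open ports that are not in the baseline, can be driven from one port scan. The script below is an added example, not part of the course; it parses nmap's grepable (-oG) output, which is constructed inline here rather than captured from a real scan, and compares it with two constructed lists: the IR asset inventory (every host that must be verified) and a per-host baseline of expected open TCP ports. Hosts with no open-port data are reported as missed, and open ports outside the baseline are flagged.

```python
"""Reconcile an nmap grepable scan against the asset inventory and a
known-good port baseline after eradication.

Added example (not from the course). The scan text, inventory and
baseline below are constructed samples.
"""
import re
from collections import defaultdict

# Grepable output puts a host's ports on a line of the form
#   Host: <ip> (<hostname>)\tPorts: <port>/<state>/<proto>/..., ...\tIgnored State: ...
HOST_RE = re.compile(r"^Host:\s+(\S+)\s+\((\S*)\)\s+Ports:\s+(.*?)(?:\t|$)")


def parse_grepable(text: str) -> dict:
    """Return {ip: set of open TCP ports} from nmap -oG output."""
    open_ports = defaultdict(set)
    for line in text.splitlines():
        m = HOST_RE.match(line)
        if not m:
            continue  # comments and "Status:" lines carry no port data
        ip, ports_field = m.group(1), m.group(3)
        for entry in ports_field.split(", "):
            fields = entry.split("/")
            # fields: port, state, protocol, owner, service, rpc info, version
            if len(fields) >= 3 and fields[1] == "open" and fields[2] == "tcp":
                open_ports[ip].add(int(fields[0]))
    return dict(open_ports)


def check_eradication(scan: dict, inventory: set, baseline: dict) -> dict:
    """Report inventory hosts the scan did not cover and ports outside baseline."""
    missed = sorted(inventory - scan.keys())
    unexpected = {}
    for ip, ports in scan.items():
        extra = ports - baseline.get(ip, set())
        if extra:
            unexpected[ip] = sorted(extra)
    return {"missed_hosts": missed, "unexpected_ports": unexpected}


# Constructed sample scan: 10.0.0.7 was down during the scan, 10.0.0.9 was
# never scanned, and 10.0.0.6 has a listener on 4444 that is not in baseline.
SCAN_OUTPUT = """# Nmap scan (constructed sample, not a real scan)
Host: 10.0.0.5 ()\tStatus: Up
Host: 10.0.0.5 ()\tPorts: 22/open/tcp//ssh///, 80/open/tcp//http///\tIgnored State: closed (998)
Host: 10.0.0.6 ()\tStatus: Up
Host: 10.0.0.6 ()\tPorts: 22/open/tcp//ssh///, 135/filtered/tcp//msrpc///, 4444/open/tcp//krb524///\tIgnored State: closed (997)
Host: 10.0.0.7 ()\tStatus: Down
# Nmap done (constructed sample)
"""

INVENTORY = {"10.0.0.5", "10.0.0.6", "10.0.0.7", "10.0.0.9"}  # constructed
BASELINE = {"10.0.0.5": {22, 80}, "10.0.0.6": {22}}  # constructed


def demo() -> dict:
    return check_eradication(parse_grepable(SCAN_OUTPUT), INVENTORY, BASELINE)


if __name__ == "__main__":
    print(demo())
```

A non-empty missed_hosts list means the eradication round is not finished, whatever the scanner says about the hosts it did reach; each flagged port should be traced to its process on the host before it is assumed to be benign.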
