Eradication tools and techniques

What tools are used for eradication?

  • Imaging software and backup software

  • Antivirus

  • Vulnerability scanners, port scanners, etc.

  • Patch management tools

Imaging software and backup software

Needed to restore computer images back to a clean state

Verify accessibility of backup images

Consult with DR/BCP for recovery times; metrics such as MTTR and RPO may be useful

Antivirus

Needed to check restored systems and verify that any infections are eradicated

If there are new malware signatures, scan images as well

Sometimes the first round of effort to eradicate fails

  • Devices might get missed the first time

Vulnerability scanners/port scanners

Check whether the root-cause vulnerabilities still exist

Sometimes, specific open ports are signs of infection
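
A post-eradication re-check that ties the two points above together (missed devices, and open ports as signs of infection). This is an added example, not part of the original notes; the host addresses, port numbers and the `recheck` / `sample_probe` names are constructed assumptions for illustration.

```python
import socket

def port_open(host, port, timeout=1.0):
    """TCP connect check: True if host:port accepts a connection."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        return False

def recheck(hosts, ports, indicator_ports, baseline, probe=port_open):
    """Re-probe every in-scope host after eradication.

    ports           -- ports to probe on each host
    indicator_ports -- ports the investigation tied to the infection
    baseline        -- host -> set of ports approved to be open
    Returns host -> {"indicator": [...], "unapproved": [...]} for hosts
    that still need attention; clean hosts are omitted.
    """
    findings = {}
    for host in hosts:
        to_probe = sorted(set(ports) | set(indicator_ports))
        open_ports = [p for p in to_probe if probe(host, p)]
        indicator = [p for p in open_ports if p in indicator_ports]
        unapproved = [p for p in open_ports
                      if p not in indicator_ports
                      and p not in baseline.get(host, set())]
        if indicator or unapproved:
            findings[host] = {"indicator": indicator, "unapproved": unapproved}
    return findings

# Constructed sample data: documentation addresses, hypothetical ports.
SAMPLE_STATE = {
    "192.0.2.10": {22, 443},        # restored cleanly
    "192.0.2.11": {22, 443, 4444},  # missed in the first round
    "192.0.2.12": {22, 8080},       # no indicator port, but off baseline
}
SAMPLE_BASELINE = {host: {22, 443} for host in SAMPLE_STATE}

def sample_probe(host, port):
    """Stand-in for port_open so the sample runs offline."""
    return port in SAMPLE_STATE.get(host, set())

def run_sample():
    return recheck(SAMPLE_STATE, [22, 443, 8080], {4444},
                   SAMPLE_BASELINE, probe=sample_probe)

if __name__ == "__main__":
    for host, finding in run_sample().items():
        print(host, finding)
```

Hosts listed under `indicator` go back through eradication; hosts listed only under `unapproved` need a baseline review before they are declared clean.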
