Eradication tools and techniques
What tools are used for eradication?
Imaging software and backup software
Antivirus
Vulnerability scanners, port scanners, etc.
Patch management tools
Imaging software and backup software
Needed to restore computers from images back to a clean state
Verify that the backup images are accessible
Consult the DR/BCP team about recovery times; metrics such as MTTR and RPO may be useful
Antivirus
Will need to check restored systems to verify any infections are eradicated
If there are new malware signatures, scan images as well
Sometimes the first round of effort to eradicate fails
Devices might get missed the first time
Vulnerability scanners/port scanners
See if root cause vulnerabilities still exist
Sometimes, specific open ports are signs of infection
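A re-check after restoration can cover two of the points above at once: devices that were missed, and open ports that indicate infection. The following is an added example, not part of the original page. The host names, the indicator ports and the `ss -ltnH` output are constructed placeholders to be replaced with the incident's own inventory and indicators.

```python
import re

# Constructed sample data: replace with the incident's own inventory and indicators.
IN_SCOPE_HOSTS = ["ws-01", "ws-02", "srv-db", "srv-file"]
INDICATOR_PORTS = {4444, 31337}  # placeholder ports, not taken from the page

# Constructed `ss -ltnH` output as collected from each restored host.
SS_OUTPUT = {
    "ws-01": "LISTEN 0 128 0.0.0.0:22 0.0.0.0:*\nLISTEN 0 128 [::]:22 [::]:*\n",
    "ws-02": "LISTEN 0 128 0.0.0.0:22 0.0.0.0:*\nLISTEN 0 5 0.0.0.0:4444 0.0.0.0:*\n",
    "srv-db": "LISTEN 0 244 127.0.0.1:5432 0.0.0.0:*\nLISTEN 0 10 [::]:31337 [::]:*\n",
}

def listening_ports(ss_text):
    """Return the set of local TCP ports in LISTEN state from `ss -ltnH` text."""
    ports = set()
    for line in ss_text.splitlines():
        fields = line.split()
        if len(fields) < 5 or fields[0] != "LISTEN":
            continue  # skip blank, truncated or non-listening lines
        # Column 4 is Local Address:Port; the port follows the last colon,
        # which also handles bracketed IPv6 addresses such as [::]:22.
        match = re.search(r":(\d+)$", fields[3])
        if match:
            ports.add(int(match.group(1)))
    return ports

def verify_eradication(in_scope, ss_by_host, indicator_ports):
    """Sort in-scope hosts into clean, still suspect, and never re-checked."""
    report = {"clean": [], "suspect": {}, "not_checked": []}
    for host in in_scope:
        if host not in ss_by_host:
            report["not_checked"].append(host)  # device missed this round
            continue
        hits = listening_ports(ss_by_host[host]) & indicator_ports
        if hits:
            report["suspect"][host] = sorted(hits)
        else:
            report["clean"].append(host)
    return report

if __name__ == "__main__":
    result = verify_eradication(IN_SCOPE_HOSTS, SS_OUTPUT, INDICATOR_PORTS)
    print("clean:      ", result["clean"])
    print("suspect:    ", result["suspect"])
    print("not checked:", result["not_checked"])
```

A host listed under `clean` has passed only this port check; the antivirus rescan and the vulnerability scan described above still apply to it.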