Online Courses
Cyber Incident Response

Recovery and restoration tools and techniques

Common recovery and restoration tools

  • Imaging software

  • Spare/replacement hardware

  • Device management suites

  • Change and configuration baselining tools and documentation

  • System monitoring suites

Most of these will already exist as part of normal IT operations; the IR team's job is to know where they are, who controls them, and how to get access quickly during an incident

Imaging software

Infected or destroyed systems need to be re-imaged rather than cleaned in place

May be under the umbrella of IT

Verify images are not compromised before using them: check each image against a known-good hash manifest that is kept apart from the image store, because an attacker with write access to that store can poison every host you rebuild
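The check described above, as an added example that is not part of the course material: each golden image is hashed and compared against a `sha256sum`-style manifest (`<sha256>  <filename>` per line), and anything that is missing, mismatched, or not listed at all is refused. The image names, the manifest, and the directory layout are constructed for illustration.

```python
"""Verify golden images against a known-good SHA-256 manifest before re-imaging.

Added example, not part of the course material. The manifest format
(`<sha256>  <filename>` per line, as produced by `sha256sum`) and the
directory layout are assumptions for illustration.
"""
import hashlib
import os
import tempfile


def sha256_of_file(path, chunk_size=1 << 20):
    """Stream the file through SHA-256 so multi-GB images never have to fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(chunk_size), b""):
            h.update(chunk)
    return h.hexdigest()


def parse_manifest(text):
    """Parse sha256sum-style lines into {filename: expected_hex}; blank lines and '#' comments are skipped."""
    expected = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        digest, name = line.split(None, 1)  # digest, then filename (sha256sum separates them with two spaces)
        expected[name.lstrip("*")] = digest.lower()  # sha256sum prefixes binary-mode names with '*'
    return expected


def verify_images(image_dir, manifest_text):
    """Return {"ok", "mismatch", "missing", "unlisted"} lists of image names.

    Only images in "ok" may be deployed. A mismatch means corruption or tampering;
    a missing image has no file to deploy; an unlisted image has no known-good
    reference at all and must not be trusted just because it sits in the store.
    """
    expected = parse_manifest(manifest_text)
    result = {"ok": [], "mismatch": [], "missing": [], "unlisted": []}
    for name, digest in expected.items():
        path = os.path.join(image_dir, name)
        if not os.path.isfile(path):
            result["missing"].append(name)
        elif sha256_of_file(path) == digest:
            result["ok"].append(name)
        else:
            result["mismatch"].append(name)
    for name in sorted(os.listdir(image_dir)):
        if name not in expected and os.path.isfile(os.path.join(image_dir, name)):
            result["unlisted"].append(name)
    return result


def demo():
    """Constructed image store: two intact images, one tampered after the manifest was made,
    one listed but absent, and one present but never listed."""
    d = tempfile.mkdtemp()
    files = {
        "win11-gold.wim": b"golden windows image",
        "ubuntu-gold.img": b"golden linux image",
        "rhel-gold.img": b"golden rhel image",
    }
    for name, data in files.items():
        with open(os.path.join(d, name), "wb") as f:
            f.write(data)
    manifest = "\n".join(f"{hashlib.sha256(data).hexdigest()}  {name}" for name, data in files.items())
    manifest += "\n" + hashlib.sha256(b"golden macos image").hexdigest() + "  macos-gold.dmg"
    with open(os.path.join(d, "rhel-gold.img"), "ab") as f:  # simulate tampering in the image store
        f.write(b"\n# implant")
    with open(os.path.join(d, "unknown.img"), "wb") as f:  # dropped into the store with no manifest entry
        f.write(b"no manifest entry")
    return verify_images(d, manifest)


if __name__ == "__main__":
    print(demo())
```

The manifest is only as trustworthy as where it lives: keep it on a separate system or media from the images (or sign it and pin the signing key) so an attacker who can replace an image cannot also replace the hash that would have exposed the swap.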

Hardware

Some incidents may require replacement of hardware

  • Physical intrusion where equipment may have been tampered with (implanted devices, modified firmware) and can no longer be trusted

  • Physical intrusion or disaster where equipment is destroyed

  • Resource-exhaustion attacks such as a DDoS that push hardware past its limits; thermal damage of this kind is uncommon on modern systems with throttling, but it should still be in the plan

Device management suites

Some of the restoration activities (re-imaging, pushing configuration, enforcing policy) may already be part of these suites

Makes bulk actions practical and repeatable when rebuilding or restarting large numbers of devices

Work with IT in advance on access and/or licensing so the IR team is not waiting on an account during the incident

Change and configuration baselining tools

Official baselines will help you establish "normal" operations and tell legitimate differences from attacker changes

There may be lag time between system updates and image refreshes, so a host that differs from the golden image is not necessarily compromised; compare against the baseline plus the approved changes since it was taken

In larger organizations, changes to systems may still be happening during the incident; reconcile drift against change tickets before treating it as attacker activity

Smaller organizations without change management should rely on baseline documentation and record every change made during the incident
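An added example of the reconciliation described above, not part of the course material: a host snapshot is diffed against its official baseline, then every change covered by an approved change ticket is removed so only unexplained drift remains for the investigator. The baseline, snapshot, digests and ticket structure (`{"id": ..., "paths": [...], "services": [...]}`) are constructed assumptions for illustration.

```python
"""Separate explained from unexplained drift between a baseline and a live snapshot.

Added example, not course material. A baseline or snapshot is a dict with
"files" ({path: sha256}) and "services" (set of enabled service names); the
change-ticket layout is an assumption made for this illustration.
"""


def diff_snapshot(baseline, current):
    """Raw drift: paths added, removed or modified, and services enabled/disabled since baseline."""
    b_files, c_files = baseline["files"], current["files"]
    common = set(b_files) & set(c_files)
    return {
        "added": set(c_files) - set(b_files),
        "removed": set(b_files) - set(c_files),
        "modified": {p for p in common if b_files[p] != c_files[p]},
        "services_added": current["services"] - baseline["services"],
        "services_removed": baseline["services"] - current["services"],
    }


def unexplained_drift(drift, approved_changes):
    """Drop drift items that an approved change ticket accounts for; what is left needs investigation."""
    explained_paths, explained_services = set(), set()
    for ticket in approved_changes:
        explained_paths.update(ticket.get("paths", []))
        explained_services.update(ticket.get("services", []))
    return {
        key: items - (explained_services if key.startswith("services") else explained_paths)
        for key, items in drift.items()
    }


def demo():
    """Constructed scenario: a patch was approved mid-incident, everything else is suspect."""
    baseline = {  # digests are placeholders, not real file hashes
        "files": {
            "/etc/ssh/sshd_config": "c0ffee01",
            "/usr/bin/ssh": "c0ffee02",
            "/etc/crontab": "c0ffee03",
        },
        "services": {"sshd", "cron"},
    }
    current = {
        "files": {
            "/etc/ssh/sshd_config": "c0ffee11",  # changed by the approved hardening ticket
            "/usr/bin/ssh": "deadbeef",          # changed with no ticket: possible trojaned binary
            "/etc/crontab": "c0ffee03",          # unchanged
            "/tmp/.x": "deadbee1",               # new file with no ticket
        },
        "services": {"sshd", "cron", "telnet"},  # telnet enabled with no ticket
    }
    approved = [{"id": "CHG-1042", "paths": ["/etc/ssh/sshd_config"], "services": []}]
    drift = diff_snapshot(baseline, current)
    return drift, unexplained_drift(drift, approved)


if __name__ == "__main__":
    raw, suspect = demo()
    for key, items in suspect.items():
        if items:
            print(f"unexplained {key}: {sorted(items)}")
```

A ticket explains a path, not a specific content change, so an attacker who modifies a file that is also under an open ticket would be hidden by this filter; for paths with open tickets, compare against the digest the ticket's author recorded rather than accepting any change.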

System monitoring tools

Need to be able to monitor recovered systems for any recurring abnormal behavior, which is the earliest sign that eradication was incomplete

Can also help with establishing new baselines

  • E.g., new hardware or software installed because of the breach may cause a slight change in system behavior

    • Abnormal or new behavior may not be malicious; confirm it against the change record before re-baselining, rather than simply tuning the alert away
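An added example, not part of the course material, of the two points above: a simple z-score monitor flags samples that depart from the baseline, the replacement hardware shifts the metric so that every normal sample is flagged, and re-baselining on the confirmed new normal restores the monitor's ability to catch a real spike. The CPU percentages and the threshold are constructed for illustration.

```python
"""Flag recurring abnormal behavior against a baseline, and re-baseline after an approved change.

Added example, not course material. The metric values, the z-score threshold
and the minimum baseline size are illustrative choices, not recommendations
from the course.
"""
from statistics import mean, pstdev


class BehaviorMonitor:
    """Z-score monitor for one metric (e.g. CPU %) against a fixed baseline window."""

    def __init__(self, baseline_samples, threshold=3.0):
        self.threshold = threshold
        self.alerts = []
        self.rebaseline(baseline_samples)

    def rebaseline(self, samples):
        """Replace the notion of 'normal' with a fresh sample window (after a confirmed benign change)."""
        if len(samples) < 5:
            raise ValueError("need at least 5 samples to establish a baseline")
        self.mu = mean(samples)
        self.sigma = pstdev(samples) or 1e-9  # flat baseline: avoid division by zero

    def check(self, t, value):
        """Return True and record an alert when the sample is beyond the threshold in either direction."""
        z = (value - self.mu) / self.sigma
        abnormal = abs(z) > self.threshold
        if abnormal:
            self.alerts.append((t, value, round(z, 1)))
        return abnormal


def demo():
    """Constructed scenario: hardware replaced during recovery, then a genuine anomaly."""
    pre_incident = [20, 22, 19, 21, 20, 23, 21, 20]  # CPU % on the original hardware
    mon = BehaviorMonitor(pre_incident)

    after_swap = [34, 36, 35, 35, 34, 36, 35]  # same workload on the replacement hardware
    false_alarms = sum(mon.check(i, v) for i, v in enumerate(after_swap))

    # The change record confirms the new hardware, so the shift is benign: re-baseline on it
    mon.rebaseline(after_swap)
    mon.alerts.clear()

    post_change = [36, 35, 90, 35]  # 90 = a real spike, e.g. a miner or a re-infection attempt
    flagged = [v for i, v in enumerate(post_change) if mon.check(i, v)]
    return false_alarms, flagged


if __name__ == "__main__":
    print(demo())
```

The important step is the order: re-baseline only after the change record explains the shift. Re-baselining on samples that may already include attacker activity would teach the monitor that the compromise is normal.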


Last updated 8 months ago