Incident eradication

Eradication

Deals with the actual cleaning, removing or re-imaging of systems

Documentation is key

Should work from documented and approved steps

  • Don't lean into your own understanding!

Preventative methods can be improved here

Scanning of restored or re-imaged systems to ensure infections are gone

Main goal is to make sure the threat is completely removed

Cleaning, wiping and restoration

Cleaning should be a defined process

Re-imaging may not be enough

  • BIOS rootkits, boot sector, etc.

Define whose role is responsible for "cleaning"

Use original disk images

Remember to patch back up to the latest level

Remember to check images

  • Are they compromised as well?
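As an added example (not part of these notes), a Python check covering two of the points above: confirm the golden image still matches its approved digest before restoring from it, and compare the restored disk's boot code with the golden image, since a partition-only re-image can leave foreign boot-sector code behind. The manifest and image bytes are constructed here; a real manifest would be signed and kept offline.

```python
import hashlib
import io

# Constructed sample "golden image": a 512-byte legacy MBR (440 bytes of
# bootstrap code, 70 bytes of disk signature + partition table, 0x55AA
# signature) followed by a small stand-in for the OS data.
BOOT_CODE_LEN = 440
GOLDEN_BOOT_CODE = b"\xfa\x33\xc0" + bytes(BOOT_CODE_LEN - 3)
GOLDEN_IMAGE = GOLDEN_BOOT_CODE + bytes(70) + b"\x55\xaa" + bytes(4096)

# Hypothetical approved-image manifest: name -> SHA-256 recorded when the
# image was built, before any incident.
MANIFEST = {"golden-2024.img": hashlib.sha256(GOLDEN_IMAGE).hexdigest()}

# Constructed "restored disk" whose OS partition was re-imaged but whose
# bootstrap code was left as found (first bytes differ from the golden copy).
TAMPERED_BOOT = b"\xeb\x3c\x90" + GOLDEN_IMAGE[3:]


def sha256_of(stream, chunk=1 << 20):
    """Hash a file-like object in chunks so multi-GB images fit in memory."""
    h = hashlib.sha256()
    for block in iter(lambda: stream.read(chunk), b""):
        h.update(block)
    return h.hexdigest()


def verify_golden_image(name, data, manifest):
    """Return (ok, reason). Refuse an image that is not in the approved
    manifest or whose digest no longer matches the recorded one."""
    expected = manifest.get(name)
    if expected is None:
        return False, "image not in approved manifest"
    if sha256_of(io.BytesIO(data)) != expected:
        return False, "digest mismatch: image may have been tampered with"
    return True, "ok"


def boot_sector_matches(restored, golden):
    """True when the restored disk's bootstrap code equals the golden image's
    and its MBR signature is intact; a mismatch after re-imaging means the
    boot sector was not actually replaced."""
    r = restored[:512]
    if len(r) < 512 or r[510:512] != b"\x55\xaa":
        return False
    return r[:BOOT_CODE_LEN] == golden[:BOOT_CODE_LEN]
```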

Cloud considerations

You no longer have physical access

"Sanitize" will have a different meaning

"Eradicate" may have a different meaning

Re-imaging could be easier

Communicate with the CSP (cloud service provider) during the preparation phase
