© 2019 Jones and Bartlett Learning, LLC, an Ascend Learning Company
www.jblearning.com
All rights reserved.
System Forensics, Investigation, and Response
Lesson 13: Incident and Intrusion Response
Learning Objective
• Describe incident and intrusion response.
• Understand how to forensically respond to intrusions.
Key Concepts
• Disaster recovery
• Evidence preservation
• How to integrate forensics into incident response
What Is Disaster Recovery?
• Steps taken after an information technology-related disaster to restore operations
• Forensic techniques may be the best method for determining what caused the disaster and for avoiding a repeat of it
• Forensic process begins once an incident has been discovered
  • Is not fully underway until after the disaster or incident is contained
Incident Response Plan
In place to respond to:
• Fire
• Flood
• Hurricane
• Tornado
• Hard drive failure
• Network outage
• Malware infection
• Data theft or deletion
• Intrusion
Business Continuity, Incident Response, and Disaster Recovery
(Diagram: the relationship between incident response, disaster recovery, business continuity, and digital forensics.)
Types of Plans
Business continuity plan (BCP)
• Focuses on keeping an organization functioning as well as possible until a full recovery can be made
Disaster recovery plan (DRP)
• Focuses on executing a full recovery to normal operations
• Sometimes referred to as an incident response plan (IRP)
Types of Plans (Cont.)
In other words:
• BCP is concerned with maintaining at least minimal operations until the organization can be returned to full functionality
• DRP focuses on returning to full functionality
Federal Standards for BCPs
ISO 27001
NIST 800-34
NFPA 1600
Federal Standards for BCPs (Cont.)
ISO 27035
NIST 800-61
Business Impact Analysis (BIA)
A study that identifies the effects a disaster would have on business and IT functions
• Studies include interviews, surveys, meetings, and so on
Identifies the priority of different critical systems
Considers maximum tolerable downtime (MTD)
Maximum Tolerable Downtime (MTD)
• A measure of how long a system or systems can be down before it is impossible for the organization to recover
• Related to:
  • Mean time to repair (MTTR) – The average time it takes to repair an item
  • Mean time to failure (MTTF) – The amount of time, on average, before a given device is likely to fail through normal use
The Recovery Plan
(Diagram: the recovery plan draws on the BCP, the DRP, and the BIA.)
The Recovery Plan (cont.)
1. Alternate equipment identified?
2. Alternate facilities identified?
3. Mechanism in place for contacting all affected parties, employees, vendors, customers, and contractors, even if primary means of communication are down?
4. Off-site backup of the data exists?
5. Can backup be readily retrieved and restored?
Types of Backups
Full – All changes
Differential – All changes since the last full backup
Incremental – All changes since the last backup of any type
Hierarchical storage management (HSM) – Continuous backup
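As an added example (not part of the slide deck), the following Python models the full, differential and incremental backup types defined above and works out which sets a restore must apply, in order, to bring a system back to a chosen day, including what happens when one set is lost. The weekly schedule dates and the lost-set scenario are constructed sample data.

```python
"""Resolve the restore chain for the backup types the slides define.

Added example, not part of the slide deck: full, differential and incremental
backups are modelled as in the slides, and restore_chain() works out which sets
must be applied, in order, to bring a system back to a chosen day. The weekly
schedules and the "lost set" scenario are constructed sample data.
"""
from dataclasses import dataclass, replace
from datetime import date, timedelta


@dataclass(frozen=True)
class Backup:
    when: date
    kind: str               # "full", "differential" or "incremental"
    available: bool = True  # False models a lost, corrupt or unreadable set


def restore_chain(backups, target):
    """Return the ordered backup sets needed to restore to the end of `target`.

    full          everything: the chain always starts with the newest full
    differential  all changes since the last full, so only the newest
                  differential at or before `target` is needed
    incremental   all changes since the last backup of any type, so every
                  incremental after the last full (or last differential) is needed
    Raises LookupError when no full exists or a required set is unavailable.
    """
    eligible = sorted((b for b in backups if b.when <= target), key=lambda b: b.when)
    fulls = [b for b in eligible if b.kind == "full"]
    if not fulls:
        raise LookupError("no full backup at or before the target date")
    base = fulls[-1]
    later = [b for b in eligible if b.when > base.when]
    chain = [base]
    anchor = base
    diffs = [b for b in later if b.kind == "differential"]
    if diffs:
        anchor = diffs[-1]  # supersedes everything between the full and itself
        chain.append(anchor)
    chain += [b for b in later if b.kind == "incremental" and b.when > anchor.when]
    for b in chain:
        if not b.available:
            raise LookupError(f"required set unavailable: {b.kind} of {b.when}")
    return chain


def can_restore(backups, target):
    """True if a complete, available chain exists for `target`."""
    try:
        restore_chain(backups, target)
        return True
    except LookupError:
        return False


# Constructed sample schedule: a full backup on Sunday 2019-03-03, then one
# backup of the given kind on each of the following six days.
SUNDAY = date(2019, 3, 3)


def day(n):
    """n days after the Sunday full backup (day(0) is the full itself)."""
    return SUNDAY + timedelta(days=n)


def weekly_schedule(kind):
    return [Backup(day(0), "full")] + [Backup(day(i), kind) for i in range(1, 7)]


def with_lost_set(backups, n):
    """Copy of the schedule in which the set taken on day(n) is unavailable."""
    return [replace(b, available=False) if b.when == day(n) else b for b in backups]


INCREMENTAL_WEEK = weekly_schedule("incremental")
DIFFERENTIAL_WEEK = weekly_schedule("differential")


if __name__ == "__main__":
    for name, week in (("incremental", INCREMENTAL_WEEK), ("differential", DIFFERENTIAL_WEEK)):
        chain = restore_chain(week, day(3))  # restore to Wednesday
        print(f"{name}: apply {len(chain)} sets ->", [f"{b.kind}@{b.when}" for b in chain])
        # Losing Tuesday's set breaks the incremental chain but not the differential one.
        print(f"{name}: restorable without Tuesday's set?",
              can_restore(with_lost_set(week, 2), day(3)))
```

The trade-off the slides imply falls out of the run: the incremental week needs four sets and fails if any one of them is lost, while the differential week needs only two and survives the loss of any earlier differential.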
The Post-Recovery Follow-Up
After recovery, find out what happened and why (involves forensics):
• Was the disaster caused by some weakness in the system?
• Negligence by an individual?
• A gap in policy?
• An intentional act?
Incident Response
Containment → Eradication → Recovery → Follow-up
Containment
Limit the incident
Prevent it from affecting more systems
Eradication
Fix vulnerabilities
• Example: Remove the malware
Perform a comprehensive examination of what occurred and how far it reached
Ensure that the issue was completely addressed
Forensics begins at this stage
Recovery
Involves returning the affected systems to normal status
If malware:
• Ensure the system is back in full working order with no presence of malware
• Might need to restore software and data from backup
Follow-up
Forensics plays a critical role
IT team must determine:
• How incident occurred
• What steps can be taken to prevent the incident from recurring
Preserving Evidence
• An event:
  • Is any observable occurrence within a system or network
  • Includes network activity, such as when a user accesses files on a server or when a firewall blocks network traffic
• Adverse events have negative results or negative consequences
  • Example: An attack on a system
Computer Security Incidents
Denial of service (DoS) attacks
Malicious code
Unauthorized access
Inappropriate usage
Preserving Evidence (Cont.)
Recovery is often performed at the expense of preserving forensic evidence
Failure to preserve forensic information:
• Prevents the IT team from effectively evaluating the cause of the incident
• Makes it difficult to modify company policies and procedures to reduce risk
Forensic data is key to preventing future incidents
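As an added example that is not from the slide deck, the Python below follows the containment, eradication, recovery and follow-up sequence from the earlier slides and enforces the point made here: recovery is not allowed to begin until the collected artifacts have been hashed into a custody manifest, and the follow-up can later check that what it holds is what was collected. The incident identifier, handler name, file names, paths and file contents are constructed placeholders, and the SHA-256 manifest is one common preservation practice, not something the slides specify.

```python
"""Gate the recovery phase of an incident on preserved forensic evidence.

Added example, not part of the slide deck. Phases follow the slides
(containment -> eradication -> recovery -> follow-up); Recovery is refused
until every collected artifact has been hashed into a custody manifest, so
that rebuilding a host cannot silently destroy what the follow-up needs.
All identifiers, file names, paths and contents are constructed sample data.
"""
import hashlib
import json
from datetime import datetime, timezone

PHASES = ("containment", "eradication", "recovery", "follow-up")

# Constructed sample artifacts standing in for files collected from a host.
AUTH_LOG = b"2019-03-04T02:17:05Z host=web01 event=login user=svc_backup result=success\n"
DROPPED_FILE = b"constructed bytes standing in for a suspicious binary found during eradication"


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


class Incident:
    def __init__(self, incident_id: str, handler: str):
        self.incident_id = incident_id
        self.handler = handler
        self.phase = PHASES[0]
        self.manifest = []  # one custody record per preserved artifact
        self.log = []       # human-readable trail of what happened and when

    def preserve(self, name: str, data: bytes, source: str) -> dict:
        """Record an artifact's digest before anything on the host is changed."""
        record = {
            "artifact": name,
            "source": source,
            "bytes": len(data),
            "sha256": sha256_hex(data),
            "collected_by": self.handler,
            "collected_at": datetime.now(timezone.utc).isoformat(),
            "phase": self.phase,
        }
        self.manifest.append(record)
        self.log.append(f"{self.phase}: preserved {name} sha256={record['sha256'][:12]}...")
        return record

    def ready_for_recovery(self) -> bool:
        """Recovery may only begin once at least one artifact is under custody."""
        return bool(self.manifest)

    def advance(self) -> str:
        """Move to the next phase, refusing the eradication -> recovery step
        while no evidence has been preserved."""
        if self.phase == PHASES[-1]:
            raise RuntimeError("incident is already in follow-up")
        nxt = PHASES[PHASES.index(self.phase) + 1]
        if nxt == "recovery" and not self.ready_for_recovery():
            raise RuntimeError("refusing to enter recovery: no evidence preserved")
        self.log.append(f"{self.phase} -> {nxt}")
        self.phase = nxt
        return self.phase

    def verify(self, name: str, data: bytes) -> bool:
        """Follow-up check: does the copy we still hold match its custody record?"""
        for record in self.manifest:
            if record["artifact"] == name:
                return record["sha256"] == sha256_hex(data)
        return False  # never preserved, so it cannot be relied on as evidence

    def export_manifest(self) -> str:
        """Serialize the custody manifest for the incident report."""
        return json.dumps({"incident": self.incident_id, "artifacts": self.manifest}, indent=2)


if __name__ == "__main__":
    inc = Incident("INC-EXAMPLE-001", "handler.placeholder")
    inc.advance()  # containment -> eradication
    print("recovery allowed before preservation?", inc.ready_for_recovery())
    inc.preserve("auth.log", AUTH_LOG, "web01:/var/log/auth.log")
    inc.preserve("dropped.bin", DROPPED_FILE, "web01:/tmp/dropped.bin")
    inc.advance()  # eradication -> recovery (now allowed)
    inc.advance()  # recovery -> follow-up
    print("auth.log intact?", inc.verify("auth.log", AUTH_LOG))
    print("tampered copy detected?", not inc.verify("auth.log", AUTH_LOG + b"\n"))
    print(inc.export_manifest())
```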
Adding Forensics to Incident Response
• Identify forensic resources the organization can use in case of an incident
• Identify an outside party that can respond to incidents with forensically trained personnel
• Weave forensic methodology into the organization's incident response policy
• Provide appropriate training to staff for preserving evidence
Summary
Disaster recovery
Evidence preservation
How to integrate forensics into incident response

Contenu connexe

Tendances

Fundamentals of Information Systems Security Chapter 14
Fundamentals of Information Systems Security Chapter 14Fundamentals of Information Systems Security Chapter 14
Fundamentals of Information Systems Security Chapter 14Dr. Ahmed Al Zaidy
 
Fundamentals of Information Systems Security Chapter 13
Fundamentals of Information Systems Security Chapter 13Fundamentals of Information Systems Security Chapter 13
Fundamentals of Information Systems Security Chapter 13Dr. Ahmed Al Zaidy
 
Fundamentals of Information Systems Security Chapter 2
Fundamentals of Information Systems Security Chapter 2 Fundamentals of Information Systems Security Chapter 2
Fundamentals of Information Systems Security Chapter 2 Dr. Ahmed Al Zaidy
 
Fundamentals of Information Systems Security Chapter 7
Fundamentals of Information Systems Security Chapter 7Fundamentals of Information Systems Security Chapter 7
Fundamentals of Information Systems Security Chapter 7Dr. Ahmed Al Zaidy
 
Fundamentals of Information Systems Security Chapter 15
Fundamentals of Information Systems Security Chapter 15Fundamentals of Information Systems Security Chapter 15
Fundamentals of Information Systems Security Chapter 15Dr. Ahmed Al Zaidy
 
Fundamentals of Information Systems Security Chapter 8
Fundamentals of Information Systems Security Chapter 8Fundamentals of Information Systems Security Chapter 8
Fundamentals of Information Systems Security Chapter 8Dr. Ahmed Al Zaidy
 
Fundamentals of Information Systems Security Chapter 6
Fundamentals of Information Systems Security Chapter 6Fundamentals of Information Systems Security Chapter 6
Fundamentals of Information Systems Security Chapter 6Dr. Ahmed Al Zaidy
 
Fundamentals of Information Systems Security Chapter 5
Fundamentals of Information Systems Security Chapter 5Fundamentals of Information Systems Security Chapter 5
Fundamentals of Information Systems Security Chapter 5Dr. Ahmed Al Zaidy
 
Fundamentals of Information Systems Security Chapter 11
Fundamentals of Information Systems Security Chapter 11Fundamentals of Information Systems Security Chapter 11
Fundamentals of Information Systems Security Chapter 11Dr. Ahmed Al Zaidy
 
Fundamentals of Information Systems Security Chapter 1
Fundamentals of Information Systems Security Chapter 1Fundamentals of Information Systems Security Chapter 1
Fundamentals of Information Systems Security Chapter 1Dr. Ahmed Al Zaidy
 
Fundamentals of Information Systems Security Chapter 4
Fundamentals of Information Systems Security Chapter 4Fundamentals of Information Systems Security Chapter 4
Fundamentals of Information Systems Security Chapter 4Dr. Ahmed Al Zaidy
 
Fundamentals of Information Systems Security Chapter 10
Fundamentals of Information Systems Security Chapter 10Fundamentals of Information Systems Security Chapter 10
Fundamentals of Information Systems Security Chapter 10Dr. Ahmed Al Zaidy
 
Fundamentals of Information Systems Security Chapter 9
Fundamentals of Information Systems Security Chapter 9Fundamentals of Information Systems Security Chapter 9
Fundamentals of Information Systems Security Chapter 9Dr. Ahmed Al Zaidy
 

Tendances (20)

Funsec3e ppt ch11
Funsec3e ppt ch11Funsec3e ppt ch11
Funsec3e ppt ch11
 
Fundamentals of Information Systems Security Chapter 14
Fundamentals of Information Systems Security Chapter 14Fundamentals of Information Systems Security Chapter 14
Fundamentals of Information Systems Security Chapter 14
 
Fundamentals of Information Systems Security Chapter 13
Fundamentals of Information Systems Security Chapter 13Fundamentals of Information Systems Security Chapter 13
Fundamentals of Information Systems Security Chapter 13
 
Fundamentals of Information Systems Security Chapter 2
Fundamentals of Information Systems Security Chapter 2 Fundamentals of Information Systems Security Chapter 2
Fundamentals of Information Systems Security Chapter 2
 
Fundamentals of Information Systems Security Chapter 7
Fundamentals of Information Systems Security Chapter 7Fundamentals of Information Systems Security Chapter 7
Fundamentals of Information Systems Security Chapter 7
 
Fundamentals of Information Systems Security Chapter 15
Fundamentals of Information Systems Security Chapter 15Fundamentals of Information Systems Security Chapter 15
Fundamentals of Information Systems Security Chapter 15
 
Funsec3e ppt ch14
Funsec3e ppt ch14Funsec3e ppt ch14
Funsec3e ppt ch14
 
Fundamentals of Information Systems Security Chapter 8
Fundamentals of Information Systems Security Chapter 8Fundamentals of Information Systems Security Chapter 8
Fundamentals of Information Systems Security Chapter 8
 
Fundamentals of Information Systems Security Chapter 6
Fundamentals of Information Systems Security Chapter 6Fundamentals of Information Systems Security Chapter 6
Fundamentals of Information Systems Security Chapter 6
 
Fundamentals of Information Systems Security Chapter 5
Fundamentals of Information Systems Security Chapter 5Fundamentals of Information Systems Security Chapter 5
Fundamentals of Information Systems Security Chapter 5
 
Fundamentals of Information Systems Security Chapter 11
Fundamentals of Information Systems Security Chapter 11Fundamentals of Information Systems Security Chapter 11
Fundamentals of Information Systems Security Chapter 11
 
Fundamentals of Information Systems Security Chapter 1
Fundamentals of Information Systems Security Chapter 1Fundamentals of Information Systems Security Chapter 1
Fundamentals of Information Systems Security Chapter 1
 
Fundamentals of Information Systems Security Chapter 4
Fundamentals of Information Systems Security Chapter 4Fundamentals of Information Systems Security Chapter 4
Fundamentals of Information Systems Security Chapter 4
 
Hacking3e ppt ch10
Hacking3e ppt ch10Hacking3e ppt ch10
Hacking3e ppt ch10
 
Funsec3e ppt ch03
Funsec3e ppt ch03Funsec3e ppt ch03
Funsec3e ppt ch03
 
Hacking3e ppt ch02
Hacking3e ppt ch02Hacking3e ppt ch02
Hacking3e ppt ch02
 
Fundamentals of Information Systems Security Chapter 10
Fundamentals of Information Systems Security Chapter 10Fundamentals of Information Systems Security Chapter 10
Fundamentals of Information Systems Security Chapter 10
 
Funsec3e ppt ch10
Funsec3e ppt ch10Funsec3e ppt ch10
Funsec3e ppt ch10
 
Hacking3e ppt ch13
Hacking3e ppt ch13Hacking3e ppt ch13
Hacking3e ppt ch13
 
Fundamentals of Information Systems Security Chapter 9
Fundamentals of Information Systems Security Chapter 9Fundamentals of Information Systems Security Chapter 9
Fundamentals of Information Systems Security Chapter 9
 

Similaire à Forensic3e ppt ch13

Security Policies and Implementation IssuesChapter 12Inciden.docx
Security Policies and Implementation IssuesChapter 12Inciden.docxSecurity Policies and Implementation IssuesChapter 12Inciden.docx
Security Policies and Implementation IssuesChapter 12Inciden.docxjeffreye3
 
Bridging the Gap between Privacy and Security: Using Technology to Manage Com...
Bridging the Gap between Privacy and Security: Using Technology to Manage Com...Bridging the Gap between Privacy and Security: Using Technology to Manage Com...
Bridging the Gap between Privacy and Security: Using Technology to Manage Com...IBM Security
 
Ey Asia-Pacific Cyber Case Competition 2019
Ey Asia-Pacific Cyber Case Competition 2019Ey Asia-Pacific Cyber Case Competition 2019
Ey Asia-Pacific Cyber Case Competition 2019Pinzhang Chen 陈品璋
 
Security Strategies in Windows Platforms and ApplicationsL.docx
Security Strategies in Windows Platforms and ApplicationsL.docxSecurity Strategies in Windows Platforms and ApplicationsL.docx
Security Strategies in Windows Platforms and ApplicationsL.docxjeffreye3
 
Security Strategies in Windows Platforms and ApplicationsL.docx
Security Strategies in Windows Platforms and ApplicationsL.docxSecurity Strategies in Windows Platforms and ApplicationsL.docx
Security Strategies in Windows Platforms and ApplicationsL.docxkenjordan97598
 
Aon Ransomware Response and Mitigation Strategies
Aon Ransomware Response and Mitigation StrategiesAon Ransomware Response and Mitigation Strategies
Aon Ransomware Response and Mitigation StrategiesCSNP
 
Top 5 Steps to Disaster Preparedness for Businesses
Top 5 Steps to Disaster Preparedness for BusinessesTop 5 Steps to Disaster Preparedness for Businesses
Top 5 Steps to Disaster Preparedness for Businesses- Mark - Fullbright
 
Cyber Security and Business Continuity an Integrated Discipline
Cyber Security and Business Continuity an Integrated DisciplineCyber Security and Business Continuity an Integrated Discipline
Cyber Security and Business Continuity an Integrated DisciplineGraeme Parker
 
gkkSecurity essentials domain 1
gkkSecurity essentials   domain 1gkkSecurity essentials   domain 1
gkkSecurity essentials domain 1Anne Starr
 
CMGT400 v7Threats, Attacks, and Vulnerability Assessment Templa.docx
CMGT400 v7Threats, Attacks, and Vulnerability Assessment Templa.docxCMGT400 v7Threats, Attacks, and Vulnerability Assessment Templa.docx
CMGT400 v7Threats, Attacks, and Vulnerability Assessment Templa.docxmary772
 
20190123 LSEC CTI - Machine Learning in Infosec
20190123 LSEC   CTI  - Machine Learning in Infosec20190123 LSEC   CTI  - Machine Learning in Infosec
20190123 LSEC CTI - Machine Learning in InfosecDominique Dessy
 
Incident Response in the age of Nation State Cyber Attacks
Incident Response in the age of Nation State Cyber AttacksIncident Response in the age of Nation State Cyber Attacks
Incident Response in the age of Nation State Cyber AttacksResilient Systems
 
Training Catalogue - CyberSec_Technocracy.pdf
Training Catalogue - CyberSec_Technocracy.pdfTraining Catalogue - CyberSec_Technocracy.pdf
Training Catalogue - CyberSec_Technocracy.pdfdotco
 
Dealing with Information Security, Risk Management & Cyber Resilience
Dealing with Information Security, Risk Management & Cyber ResilienceDealing with Information Security, Risk Management & Cyber Resilience
Dealing with Information Security, Risk Management & Cyber ResilienceDonald Tabone
 
Cybertopic_1security
Cybertopic_1securityCybertopic_1security
Cybertopic_1securityAnne Starr
 
Cyber Risk and Marine Insurance
Cyber Risk and Marine InsuranceCyber Risk and Marine Insurance
Cyber Risk and Marine InsurancePeter Hulyer
 

Similaire à Forensic3e ppt ch13 (20)

Sec4
Sec4Sec4
Sec4
 
Security Policies and Implementation IssuesChapter 12Inciden.docx
Security Policies and Implementation IssuesChapter 12Inciden.docxSecurity Policies and Implementation IssuesChapter 12Inciden.docx
Security Policies and Implementation IssuesChapter 12Inciden.docx
 
Bridging the Gap between Privacy and Security: Using Technology to Manage Com...
Bridging the Gap between Privacy and Security: Using Technology to Manage Com...Bridging the Gap between Privacy and Security: Using Technology to Manage Com...
Bridging the Gap between Privacy and Security: Using Technology to Manage Com...
 
Ey Asia-Pacific Cyber Case Competition 2019
Ey Asia-Pacific Cyber Case Competition 2019Ey Asia-Pacific Cyber Case Competition 2019
Ey Asia-Pacific Cyber Case Competition 2019
 
Security Strategies in Windows Platforms and ApplicationsL.docx
Security Strategies in Windows Platforms and ApplicationsL.docxSecurity Strategies in Windows Platforms and ApplicationsL.docx
Security Strategies in Windows Platforms and ApplicationsL.docx
 
Security Strategies in Windows Platforms and ApplicationsL.docx
Security Strategies in Windows Platforms and ApplicationsL.docxSecurity Strategies in Windows Platforms and ApplicationsL.docx
Security Strategies in Windows Platforms and ApplicationsL.docx
 
Aon Ransomware Response and Mitigation Strategies
Aon Ransomware Response and Mitigation StrategiesAon Ransomware Response and Mitigation Strategies
Aon Ransomware Response and Mitigation Strategies
 
Topic11
Topic11Topic11
Topic11
 
)k
)k)k
)k
 
Top 5 Steps to Disaster Preparedness for Businesses
Top 5 Steps to Disaster Preparedness for BusinessesTop 5 Steps to Disaster Preparedness for Businesses
Top 5 Steps to Disaster Preparedness for Businesses
 
Cyber Security and Business Continuity an Integrated Discipline
Cyber Security and Business Continuity an Integrated DisciplineCyber Security and Business Continuity an Integrated Discipline
Cyber Security and Business Continuity an Integrated Discipline
 
gkkSecurity essentials domain 1
gkkSecurity essentials   domain 1gkkSecurity essentials   domain 1
gkkSecurity essentials domain 1
 
CMGT400 v7Threats, Attacks, and Vulnerability Assessment Templa.docx
CMGT400 v7Threats, Attacks, and Vulnerability Assessment Templa.docxCMGT400 v7Threats, Attacks, and Vulnerability Assessment Templa.docx
CMGT400 v7Threats, Attacks, and Vulnerability Assessment Templa.docx
 
20190123 LSEC CTI - Machine Learning in Infosec
20190123 LSEC   CTI  - Machine Learning in Infosec20190123 LSEC   CTI  - Machine Learning in Infosec
20190123 LSEC CTI - Machine Learning in Infosec
 
Incident Response in the age of Nation State Cyber Attacks
Incident Response in the age of Nation State Cyber AttacksIncident Response in the age of Nation State Cyber Attacks
Incident Response in the age of Nation State Cyber Attacks
 
Training Catalogue - CyberSec_Technocracy.pdf
Training Catalogue - CyberSec_Technocracy.pdfTraining Catalogue - CyberSec_Technocracy.pdf
Training Catalogue - CyberSec_Technocracy.pdf
 
Dealing with Information Security, Risk Management & Cyber Resilience
Dealing with Information Security, Risk Management & Cyber ResilienceDealing with Information Security, Risk Management & Cyber Resilience
Dealing with Information Security, Risk Management & Cyber Resilience
 
Cybertopic_1security
Cybertopic_1securityCybertopic_1security
Cybertopic_1security
 
Information Governance
Information GovernanceInformation Governance
Information Governance
 
Cyber Risk and Marine Insurance
Cyber Risk and Marine InsuranceCyber Risk and Marine Insurance
Cyber Risk and Marine Insurance
 

Plus de Skillspire LLC (20)

Logistics
LogisticsLogistics
Logistics
 
Introduction to analytics
Introduction to analyticsIntroduction to analytics
Introduction to analytics
 
Lecture 31
Lecture 31Lecture 31
Lecture 31
 
Lecture 30
Lecture 30Lecture 30
Lecture 30
 
Lecture 29
Lecture 29Lecture 29
Lecture 29
 
Review
ReviewReview
Review
 
Review version 4
Review version 4Review version 4
Review version 4
 
Review version 3
Review version 3Review version 3
Review version 3
 
Review version 2
Review version 2Review version 2
Review version 2
 
Lecture 25
Lecture 25Lecture 25
Lecture 25
 
Lecture 24
Lecture 24Lecture 24
Lecture 24
 
Lecture 23 p1
Lecture 23 p1Lecture 23 p1
Lecture 23 p1
 
Lecture 21
Lecture 21Lecture 21
Lecture 21
 
Lecture 17
Lecture 17Lecture 17
Lecture 17
 
Lecture 16
Lecture 16Lecture 16
Lecture 16
 
Lecture 15
Lecture 15Lecture 15
Lecture 15
 
Lecture 14
Lecture 14Lecture 14
Lecture 14
 
Lecture 14
Lecture 14Lecture 14
Lecture 14
 
Lecture 13
Lecture 13Lecture 13
Lecture 13
 
Lecture 12
Lecture 12Lecture 12
Lecture 12
 

Dernier

Solving Puzzles Benefits Everyone (English).pptx
Solving Puzzles Benefits Everyone (English).pptxSolving Puzzles Benefits Everyone (English).pptx
Solving Puzzles Benefits Everyone (English).pptxOH TEIK BIN
 
Presentation by Andreas Schleicher Tackling the School Absenteeism Crisis 30 ...
Presentation by Andreas Schleicher Tackling the School Absenteeism Crisis 30 ...Presentation by Andreas Schleicher Tackling the School Absenteeism Crisis 30 ...
Presentation by Andreas Schleicher Tackling the School Absenteeism Crisis 30 ...EduSkills OECD
 
The basics of sentences session 2pptx copy.pptx
The basics of sentences session 2pptx copy.pptxThe basics of sentences session 2pptx copy.pptx
The basics of sentences session 2pptx copy.pptxheathfieldcps1
 
Crayon Activity Handout For the Crayon A
Crayon Activity Handout For the Crayon ACrayon Activity Handout For the Crayon A
Crayon Activity Handout For the Crayon AUnboundStockton
 
Q4-W6-Restating Informational Text Grade 3
Q4-W6-Restating Informational Text Grade 3Q4-W6-Restating Informational Text Grade 3
Q4-W6-Restating Informational Text Grade 3JemimahLaneBuaron
 
Hybridoma Technology ( Production , Purification , and Application )
Hybridoma Technology  ( Production , Purification , and Application  ) Hybridoma Technology  ( Production , Purification , and Application  )
Hybridoma Technology ( Production , Purification , and Application ) Sakshi Ghasle
 
Sanyam Choudhary Chemistry practical.pdf
Sanyam Choudhary Chemistry practical.pdfSanyam Choudhary Chemistry practical.pdf
Sanyam Choudhary Chemistry practical.pdfsanyamsingh5019
 
Organic Name Reactions for the students and aspirants of Chemistry12th.pptx
Organic Name Reactions  for the students and aspirants of Chemistry12th.pptxOrganic Name Reactions  for the students and aspirants of Chemistry12th.pptx
Organic Name Reactions for the students and aspirants of Chemistry12th.pptxVS Mahajan Coaching Centre
 
Kisan Call Centre - To harness potential of ICT in Agriculture by answer farm...
Kisan Call Centre - To harness potential of ICT in Agriculture by answer farm...Kisan Call Centre - To harness potential of ICT in Agriculture by answer farm...
Kisan Call Centre - To harness potential of ICT in Agriculture by answer farm...Krashi Coaching
 
SOCIAL AND HISTORICAL CONTEXT - LFTVD.pptx
SOCIAL AND HISTORICAL CONTEXT - LFTVD.pptxSOCIAL AND HISTORICAL CONTEXT - LFTVD.pptx
SOCIAL AND HISTORICAL CONTEXT - LFTVD.pptxiammrhaywood
 
Contemporary philippine arts from the regions_PPT_Module_12 [Autosaved] (1).pptx
Contemporary philippine arts from the regions_PPT_Module_12 [Autosaved] (1).pptxContemporary philippine arts from the regions_PPT_Module_12 [Autosaved] (1).pptx
Contemporary philippine arts from the regions_PPT_Module_12 [Autosaved] (1).pptxRoyAbrique
 
Software Engineering Methodologies (overview)
Software Engineering Methodologies (overview)Software Engineering Methodologies (overview)
Software Engineering Methodologies (overview)eniolaolutunde
 
How to Make a Pirate ship Primary Education.pptx
How to Make a Pirate ship Primary Education.pptxHow to Make a Pirate ship Primary Education.pptx
How to Make a Pirate ship Primary Education.pptxmanuelaromero2013
 
Grant Readiness 101 TechSoup and Remy Consulting
Grant Readiness 101 TechSoup and Remy ConsultingGrant Readiness 101 TechSoup and Remy Consulting
Grant Readiness 101 TechSoup and Remy ConsultingTechSoup
 
Measures of Central Tendency: Mean, Median and Mode
Measures of Central Tendency: Mean, Median and ModeMeasures of Central Tendency: Mean, Median and Mode
Measures of Central Tendency: Mean, Median and ModeThiyagu K
 
BASLIQ CURRENT LOOKBOOK LOOKBOOK(1) (1).pdf
BASLIQ CURRENT LOOKBOOK  LOOKBOOK(1) (1).pdfBASLIQ CURRENT LOOKBOOK  LOOKBOOK(1) (1).pdf
BASLIQ CURRENT LOOKBOOK LOOKBOOK(1) (1).pdfSoniaTolstoy
 
Introduction to ArtificiaI Intelligence in Higher Education
Introduction to ArtificiaI Intelligence in Higher EducationIntroduction to ArtificiaI Intelligence in Higher Education
Introduction to ArtificiaI Intelligence in Higher Educationpboyjonauth
 
Introduction to AI in Higher Education_draft.pptx
Introduction to AI in Higher Education_draft.pptxIntroduction to AI in Higher Education_draft.pptx
Introduction to AI in Higher Education_draft.pptxpboyjonauth
 

Dernier (20)

Solving Puzzles Benefits Everyone (English).pptx
Solving Puzzles Benefits Everyone (English).pptxSolving Puzzles Benefits Everyone (English).pptx
Solving Puzzles Benefits Everyone (English).pptx
 
Presentation by Andreas Schleicher Tackling the School Absenteeism Crisis 30 ...
Presentation by Andreas Schleicher Tackling the School Absenteeism Crisis 30 ...Presentation by Andreas Schleicher Tackling the School Absenteeism Crisis 30 ...
Presentation by Andreas Schleicher Tackling the School Absenteeism Crisis 30 ...
 
TataKelola dan KamSiber Kecerdasan Buatan v022.pdf
TataKelola dan KamSiber Kecerdasan Buatan v022.pdfTataKelola dan KamSiber Kecerdasan Buatan v022.pdf
TataKelola dan KamSiber Kecerdasan Buatan v022.pdf
 
The basics of sentences session 2pptx copy.pptx
The basics of sentences session 2pptx copy.pptxThe basics of sentences session 2pptx copy.pptx
The basics of sentences session 2pptx copy.pptx
 
Crayon Activity Handout For the Crayon A
Crayon Activity Handout For the Crayon ACrayon Activity Handout For the Crayon A
Crayon Activity Handout For the Crayon A
 
Q4-W6-Restating Informational Text Grade 3
Q4-W6-Restating Informational Text Grade 3Q4-W6-Restating Informational Text Grade 3
Q4-W6-Restating Informational Text Grade 3
 
Hybridoma Technology ( Production , Purification , and Application )
Hybridoma Technology  ( Production , Purification , and Application  ) Hybridoma Technology  ( Production , Purification , and Application  )
Hybridoma Technology ( Production , Purification , and Application )
 
Forensic3e ppt ch13

1. System Forensics, Investigation, and Response
Lesson 13: Incident and Intrusion Response
© 2019 Jones and Bartlett Learning, LLC, an Ascend Learning Company
www.jblearning.com
All rights reserved.

2. Learning Objectives
 Describe incident and intrusion response.
 Understand how to forensically respond to intrusions.

3. Key Concepts
 Disaster recovery
 Evidence preservation
 How to integrate forensics into incident response

4. What Is Disaster Recovery?
 Steps taken after an information technology-related disaster to restore operations
 Forensic techniques may be the best method for determining what caused the disaster and for avoiding a repeat of it
 The forensic process begins once an incident has been discovered
• It is not fully underway until after the disaster or incident is contained

5. Incident Response Plan
In place to respond to:
• Fire
• Flood
• Hurricane
• Tornado
• Hard drive failure
• Network outage
• Malware infection
• Data theft or deletion
• Intrusion

6. Business Continuity, Incident Response, and Disaster Recovery
(Diagram showing the relationship among incident response, disaster recovery, business continuity, and digital forensics)

7. Types of Plans
Business continuity plan (BCP)
• Focuses on keeping an organization functioning as well as possible until a full recovery can be made
Disaster recovery plan (DRP)
• Focuses on executing a full recovery to normal operations
• Sometimes referred to as an incident response plan (IRP)

8. Types of Plans (Cont.)
In other words:
• The BCP is concerned with maintaining at least minimal operations until the organization can be returned to full functionality
• The DRP focuses on returning to full functionality

9. Federal Standards for BCPs
• ISO 27001
• NIST 800-34
• NFPA 1600

10. Federal Standards for BCPs (Cont.)
• ISO 27035
• NIST 800-61

11. Business Impact Analysis (BIA)
A study that identifies the effects a disaster would have on business and IT functions
• Studies include interviews, surveys, meetings, and so on
Identifies the priority of different critical systems
Considers maximum tolerable downtime (MTD)

12. Maximum Tolerable Downtime (MTD)
 A measure of how long a system or systems can be down before it is impossible for the organization to recover
 Related to:
• Mean time to repair (MTTR) – The average time it takes to repair an item
• Mean time to failure (MTTF) – The amount of time, on average, before a given device is likely to fail through normal use

13. The Recovery Plan
(Diagram: the recovery plan brings together the BCP, the DRP, and the BIA)

14. The Recovery Plan (Cont.)
1. Alternate equipment identified?
2. Alternate facilities identified?
3. Mechanism in place for contacting all affected parties, employees, vendors, customers, and contractors, even if primary means of communication are down?
4. Off-site backup of the data exists?
5. Can the backup be readily retrieved and restored?

15. Types of Backups
Full – All changes
Differential – All changes since the last full backup
Incremental – All changes since the last backup of any type
Hierarchical storage management (HSM) – Continuous backup
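The difference between the three backup types on slide 15 is easiest to see in code: what each one captures, and which sets have to be retrieved (checklist item 5 on slide 14) to rebuild the latest state. The following is an added example, not part of the deck or of any backup product. It models a filesystem as an in-memory dictionary with constructed paths and day-number timestamps; a full backup is taken to capture every file regardless of modification time (the standard definition), and a file counts as changed when its modification time is strictly later than the backup it is measured against.

```python
"""Added example: which files each backup type captures and which backups
are needed for a restore. Paths, contents and timestamps are constructed."""
from dataclasses import dataclass, field


@dataclass
class Backup:
    kind: str                                  # "full", "differential" or "incremental"
    taken_at: int                              # constructed clock value (day number)
    files: dict = field(default_factory=dict)  # path -> content captured


def select_files(kind, live, history):
    """Return {path: content} that a backup of `kind` captures.
    `live` maps path -> (mtime, content); `history` lists earlier backups."""
    if kind == "full":
        cutoff = None                          # everything, regardless of mtime
    elif kind == "differential":               # all changes since the last full
        fulls = [b.taken_at for b in history if b.kind == "full"]
        if not fulls:
            raise ValueError("differential needs a prior full backup")
        cutoff = max(fulls)
    elif kind == "incremental":                # all changes since the last backup of any type
        if not history:
            raise ValueError("incremental needs a prior backup")
        cutoff = max(b.taken_at for b in history)
    else:
        raise ValueError(f"unknown backup type: {kind}")
    # A file is "changed" when it was modified strictly after the cutoff backup ran.
    return {p: c for p, (mtime, c) in live.items() if cutoff is None or mtime > cutoff}


def take_backup(kind, live, history, now):
    b = Backup(kind, now, select_files(kind, live, history))
    history.append(b)
    return b


def restore_chain(history):
    """Backups needed to rebuild the latest state, in apply order: the most
    recent full, then the most recent differential after it (if any), then
    every incremental taken after that differential. Incrementals taken
    before that differential are redundant because the differential already
    contains everything changed since the full."""
    last_full = max(i for i, b in enumerate(history) if b.kind == "full")
    since_full = history[last_full:]
    diffs = [i for i, b in enumerate(since_full) if b.kind == "differential"]
    start = diffs[-1] if diffs else 0
    chain = [since_full[0]]
    if diffs:
        chain.append(since_full[start])
    chain.extend(b for b in since_full[start + 1:] if b.kind == "incremental")
    return chain


def restore(history):
    """Apply the chain oldest-first; later captures overwrite earlier ones.
    (File deletions are not tracked here; a real tool records those too.)"""
    state = {}
    for b in restore_chain(history):
        state.update(b.files)
    return state


def demo():
    """Constructed four-day scenario: full, incremental, differential, incremental."""
    live = {
        "/etc/app.conf": (0, "conf-v0"),
        "/var/db/data": (0, "db-v0"),
        "/var/log/app.log": (0, "log-v0"),
    }
    history = []
    take_backup("full", live, history, now=0)
    live["/etc/app.conf"] = (1, "conf-v1")
    take_backup("incremental", live, history, now=1)
    live["/var/db/data"] = (2, "db-v2")
    take_backup("differential", live, history, now=2)
    live["/var/log/app.log"] = (3, "log-v3")
    take_backup("incremental", live, history, now=3)
    captured = [(b.kind, sorted(b.files)) for b in history]
    chain = [(b.kind, b.taken_at) for b in restore_chain(history)]
    restored_matches_live = restore(history) == {p: c for p, (_, c) in live.items()}
    return captured, chain, restored_matches_live


if __name__ == "__main__":
    for item in demo():
        print(item)
```

Running `demo()` shows the day-2 differential picking up both files changed since the full, while the day-3 incremental captures only the log changed since the differential; the restore chain is full, differential, incremental, and the day-1 incremental is not needed.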
16. The Post-Recovery Follow-Up
After recovery, find out what happened and why (involves forensics):
• Was the disaster caused by some weakness in the system?
• Negligence by an individual?
• A gap in policy?
• An intentional act?

17. Incident Response
(Diagram: the phases of incident response, in order)
• Containment
• Eradication
• Recovery
• Follow-up

18. Containment
 Limit the incident
 Prevent it from affecting more systems

19. Eradication
 Fix vulnerabilities
• Example: Remove the malware
 Perform a comprehensive examination of what occurred and how far it reached
 Ensure that the issue was completely addressed
 Forensics begins at this stage

20. Recovery
 Involves returning the affected systems to normal status
 If malware:
• Ensure the system is back in full working order with no presence of malware
• Might need to restore software and data from backup

21. Follow-up
 Forensics plays a critical role
 The IT team must determine:
• How the incident occurred
• What steps can be taken to prevent the incident from recurring

22. Preserving Evidence
 An event:
• Is any observable occurrence within a system or network
• Includes network activity, such as when a user accesses files on a server or when a firewall blocks network traffic
 Adverse events have negative results or negative consequences
• Example: An attack on a system

23. Computer Security Incidents
• Denial of service (DoS) attacks
• Malicious code
• Unauthorized access
• Inappropriate usage

24. Preserving Evidence (Cont.)
 Recovery is often performed at the expense of preserving forensic evidence
 Failure to preserve forensic information:
• Prevents the IT team from effectively evaluating the cause of the incident
• Makes it difficult to modify company policies and procedures to reduce risk
 Forensic data is key to preventing future incidents

25. Adding Forensics to Incident Response
 Identify forensic resources the organization can use in case of an incident
 Identify an outside party that can respond to incidents with forensically trained personnel
 Weave forensic methodology into the organization's incident response policy
 Provide appropriate training to staff for preserving evidence
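Slides 24 and 25 make the point that recovery tends to destroy the evidence the follow-up needs, and that staff should be trained to preserve it. One concrete, teachable step is to hash and copy collected artifacts before anyone starts cleaning up, then verify the copies afterwards. The code below is an added example, not from the deck and not a particular forensic tool: the artifacts (a log line, a suspicious file, a packet capture) are constructed byte strings, the analyst name and timestamp are made up, and the "recovery" that empties a log and deletes a file is simulated in memory.

```python
"""Added example: an evidence manifest written before recovery and checked
afterwards. Artifacts, names and timestamps are constructed for illustration."""
import hashlib
import json


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def build_manifest(artifacts: dict, collector: str, collected_at: str) -> dict:
    """artifacts: {logical name: bytes}. Records who collected what, when,
    and the hash and size of each item so later changes are detectable."""
    return {
        "collector": collector,
        "collected_at": collected_at,
        "items": {
            name: {"sha256": sha256_hex(blob), "size": len(blob)}
            for name, blob in artifacts.items()
        },
    }


def manifest_fingerprint(manifest: dict) -> str:
    """Hash of the canonical JSON form; this is the value to record in the
    case notes (or sign) so the manifest itself cannot be quietly edited."""
    canonical = json.dumps(manifest, sort_keys=True, separators=(",", ":"))
    return sha256_hex(canonical.encode("utf-8"))


def verify_manifest(manifest: dict, artifacts: dict) -> dict:
    """Return {name: 'ok' | 'modified' | 'missing'} for every item listed."""
    result = {}
    for name, rec in manifest["items"].items():
        if name not in artifacts:
            result[name] = "missing"
        elif sha256_hex(artifacts[name]) != rec["sha256"] or len(artifacts[name]) != rec["size"]:
            result[name] = "modified"
        else:
            result[name] = "ok"
    return result


def demo():
    """Returns (status of the preserved copies, status of the live systems
    after recovery) for the constructed scenario."""
    # Artifacts gathered during containment (constructed contents).
    collected = {
        "web01/var/log/auth.log": b"Jan 10 03:12:07 web01 sshd[4121]: Accepted password for svc from 10.0.5.23 port 51002\n",
        "web01/tmp/dropped.bin": b"\x7fELF constructed-sample-not-a-real-binary",
        "fw/export.pcap": b"\xd4\xc3\xb2\xa1 constructed-capture-header",
    }
    manifest = build_manifest(collected, "analyst-1", "2019-01-10T04:00:00Z")
    preserved_copy = {name: bytes(blob) for name, blob in collected.items()}

    # Recovery then rotates the log and removes the dropped file on the live host.
    live_after_recovery = dict(collected)
    live_after_recovery["web01/var/log/auth.log"] = b""
    del live_after_recovery["web01/tmp/dropped.bin"]

    return verify_manifest(manifest, preserved_copy), verify_manifest(manifest, live_after_recovery)


if __name__ == "__main__":
    preserved, live = demo()
    print("preserved copies:", preserved)
    print("live systems after recovery:", live)
```

The preserved copies verify cleanly while the live host reports one artifact modified and one missing, which is exactly the loss slide 24 warns about; because the manifest and copies were made first, the follow-up on slide 21 still has intact evidence to work from. In practice the manifest fingerprint goes into the case notes at collection time, and the copies live on write-protected media or a separate evidence store rather than on the system being recovered.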
26. Summary
 Disaster recovery
 Evidence preservation
 How to integrate forensics into incident response