Sign up to save your podcasts
Or
Share Episode 4 - NIST SP 800-61 Computer Security Incident Handling Guide (Containment,Eradication and Recovery)
Share to email
Share to Facebook
Share to X
Share to email
Share to Facebook
Share to X
Or
Episode 4 - NIST SP 800-61 Computer Security Incident Handling Guide (Containment,Eradication and Recovery)
Send us a text
Show Notes: Episode on Containment, Eradication, and Recovery
In this episode of Traffic Light Protocol, Clint Marsden explores the containment, eradication, and recovery phases of the NIST SP 800-61 framework for computer security incident handling.
Key Topics Covered:
- Containment Strategies: Choosing appropriate containment methods based on the incident type, potential damage, service availability, and evidence preservation. Examples include power disconnection and network isolation.
- Real-World Example: Clint shares an incident response case where premature action against attackers led to a total domain takeover.
- Evidence Gathering and Handling: The use of tools like write blockers to preserve evidence integrity.
- Threat Analysis: Highlights passive techniques for analysing threats without alerting attackers, such as remote log analysis and OPSEC to track attackers
- Restoration and Recovery: Covers steps to restore systems to normal operations, including vulnerability patching, backup restoration, and password resets.
- Future Considerations: Suggests engaging with external vendors for comprehensive incident response and utilizing threat intelligence platforms.
Join Clint Marsden as he guides you through the intricacies of incident response, helping you enhance your digital forensics skills. Follow Clint Marsden on LinkedIn (https://www.linkedin.com/in/clintmarsden/) and TLP on Linked In https://www.linkedin.com/company/traffic-light-protocol-the-digital-forensics-podcast-tlp for more updates and insights.
View all episodes
By Clint MarsdenSend us a text
Show Notes: Episode on Containment, Eradication, and Recovery
In this episode of Traffic Light Protocol, Clint Marsden explores the containment, eradication, and recovery phases of the NIST SP 800-61 framework for computer security incident handling.
Key Topics Covered:
- Containment Strategies: Choosing appropriate containment methods based on the incident type, potential damage, service availability, and evidence preservation. Examples include power disconnection and network isolation.
- Real-World Example: Clint shares an incident response case where premature action against attackers led to a total domain takeover.
- Evidence Gathering and Handling: The use of tools like write blockers to preserve evidence integrity.
- Threat Analysis: Highlights passive techniques for analysing threats without alerting attackers, such as remote log analysis and OPSEC to track attackers
- Restoration and Recovery: Covers steps to restore systems to normal operations, including vulnerability patching, backup restoration, and password resets.
- Future Considerations: Suggests engaging with external vendors for comprehensive incident response and utilizing threat intelligence platforms.
Join Clint Marsden as he guides you through the intricacies of incident response, helping you enhance your digital forensics skills. Follow Clint Marsden on LinkedIn (https://www.linkedin.com/in/clintmarsden/) and TLP on Linked In https://www.linkedin.com/company/traffic-light-protocol-the-digital-forensics-podcast-tlp for more updates and insights.