EDR and forensics tools can be very expensive. This post looks at some cheap or free DFIR alternatives you absolutely should consider. Even if you have a good budget for high-end professional tools, it's worth building these into a toolbox you can use to solve problems or unexpected situations.
Linux DFIR may feel like it is a complicated and arcane process, but it doesn't need to be. Yes, there are challenges around memory collection and lots of modern EDR…
Linux incident response is straightforward, but it does take some practice to get used to the key elements. This post looks at some of these to help kickstart your IR.
Lessons Learned is the final phase of the incident response cycle. This is where you identify the root cause of the incident and any problems or issues you faced with the response. Your findings should always feed back into the planning phase. This keeps the cycle working and improving.
Recovery is the fifth phase of the incident response cycle. This is the time to bring your services back online and restore normal business operations. Just make sure you do it in a secure manner.
Eradication is the fourth phase of the incident response cycle. This is the implementation of more permanent measures to get the attacker out of the network and keep them out.
Containment is the third phase of the IR Cycle. You investigate what happened and implement measures to stop the attack from spreading or doing more harm than you are prepared to accept.
Identification is the second phase of the IR Cycle. This is where you determine whether an incident has happened, what type of incident it is, and how important it is to your business.
Preparation is the first phase of the IR Cycle. Doing well here is the difference between good incident response and dealing with a breach or crisis.
Breaches are pretty much inevitable. Having good incident response processes can be the difference between it being painful and it being catastrophic to your organisation.
Incident response is one of those things you really hope you'll never have to use, but know you will. Or at least you should know! Even with the best security, there…