Remediation - incident response tools
Remediation is the point in the process where you, as the incident responder, engage the threat and work to protect the organization from further harm.
Act (Response) tools in the OODA loop
Tools that should be part of an effective response toolkit include:
- Forensics tools: These tools allow you to examine digital media accurately, using processes that establish a legally sound audit trail, so that you can:
- Identify information of investigative value and mark it for preservation
- Preserve the identified information (for example, as a hash-verified copy) for later analysis
- Analyze the preserved information to establish facts
- Act on those facts through further investigation, response, or reporting
Open source tool examples:
- CAINE: http://www.caine-live.net/
- SANS Investigative Forensic Toolkit (SIFT): https://digital-forensics.sans.org/community/downloads
- Backup tools: In most cases, it is safer to restore an environment from a backup rather than attempting to clean it after an intrusion has...
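The four forensic steps listed above (identify, preserve, analyze, act) all rest on the preservation step being verifiable later. The following is an added example, not code from the original page nor part of CAINE or SIFT, showing what "preserve with an audit trail" means in practice: a file is copied into an evidence store, source and copy are hashed with SHA-256 and must match, and a chain-of-custody record is appended to a log in which each entry carries the hash of the previous entry. A later verify pass re-hashes the evidence and re-walks the chain, so both a modified evidence file and an edited log are detected. The sample file, case identifier and examiner name are constructed for the demo; the function names are the example's own.

```python
"""Evidence preservation with a hash-chained chain-of-custody log.

Added example (not from the original page, CAINE or SIFT). Assumed names:
preserve(), verify(), demo(); case and examiner values are constructed.
"""
import hashlib
import json
import os
import shutil
import tempfile
import time

CHUNK = 1 << 20  # hash in 1 MiB chunks so large disk images need not fit in RAM
GENESIS = "0" * 64  # "previous record" value for the first log entry


def sha256_file(path):
    """Stream a file through SHA-256 and return the hex digest."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(CHUNK), b""):
            h.update(block)
    return h.hexdigest()


def _last_record_hash(log_path):
    """Hash of the last non-blank audit line (bytes, newline included), or GENESIS."""
    if not os.path.exists(log_path):
        return GENESIS
    last = None
    with open(log_path, "rb") as f:
        for line in f:
            if line.strip():
                last = line
    return hashlib.sha256(last).hexdigest() if last else GENESIS


def preserve(src, evidence_dir, log_path, examiner, case_id):
    """Copy src into evidence_dir, verify the copy's hash, and log the action.

    Returns the audit record written. Raises RuntimeError if the copy does not
    match the source; in that case the bad copy is removed and nothing is logged.
    """
    os.makedirs(evidence_dir, exist_ok=True)
    src_hash = sha256_file(src)
    dst = os.path.join(evidence_dir, f"{src_hash}_{os.path.basename(src)}")
    shutil.copy2(src, dst)  # copy2 keeps timestamps, which matter for a timeline
    if sha256_file(dst) != src_hash:
        os.remove(dst)
        raise RuntimeError(f"acquisition of {src} failed hash verification")
    os.chmod(dst, 0o444)  # the evidence copy is read-only from here on
    record = {
        "ts": time.strftime("%Y-%m-%dT%H:%M:%SZ", time.gmtime()),
        "case": case_id,
        "examiner": examiner,
        "action": "preserve",
        "source": os.path.abspath(src),
        "evidence": dst,
        "sha256": src_hash,
        "prev": _last_record_hash(log_path),  # links this entry to the one before it
    }
    with open(log_path, "a", encoding="utf-8") as log:
        log.write(json.dumps(record, sort_keys=True) + "\n")
    return record


def verify(log_path):
    """Re-check every preserved item and the log chain; return a list of problems."""
    problems = []
    prev = GENESIS
    with open(log_path, "rb") as f:
        for n, raw in enumerate(f, 1):
            if not raw.strip():
                continue
            rec = json.loads(raw)
            if rec["prev"] != prev:
                problems.append(f"line {n}: chain broken (log edited or reordered)")
            if not os.path.exists(rec["evidence"]):
                problems.append(f"line {n}: evidence missing: {rec['evidence']}")
            elif sha256_file(rec["evidence"]) != rec["sha256"]:
                problems.append(f"line {n}: evidence modified: {rec['evidence']}")
            prev = hashlib.sha256(raw).hexdigest()
    return problems


def demo():
    """Constructed scenario: preserve one file, verify, tamper with the copy, verify again."""
    work = tempfile.mkdtemp()
    src = os.path.join(work, "suspicious.bin")
    with open(src, "wb") as f:
        f.write(b"MZ" + os.urandom(4096))  # constructed sample blob, not real malware
    log = os.path.join(work, "custody.log")
    rec = preserve(src, os.path.join(work, "evidence"), log,
                   examiner="ir-analyst", case_id="CASE-0001")
    clean = verify(log)  # expected: no problems
    os.chmod(rec["evidence"], 0o644)
    with open(rec["evidence"], "ab") as f:  # simulate someone altering the evidence copy
        f.write(b"x")
    tampered = verify(log)  # expected: one "evidence modified" finding
    return clean, tampered


if __name__ == "__main__":
    print(demo())
```

The hash-chained log is the minimum that makes the audit trail useful in court or in a post-incident review: the hashes prove the analysed copy is the one that was acquired, and the `prev` links mean an entry cannot be deleted or rewritten without breaking every later entry. In a real engagement the log would also be written to a write-once location, since a chain that lives only on the analyst's workstation protects against accident, not against a determined insider.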