First and foremost, in the wake of an incident, do not panic. Panic results in human error and destroys much-needed information on the scene. Should an incident occur, the Incident Response Team should refrain from any of the following:

· Log in and poke around
· Let others do the same
· Run attack probes to determine if your site is vulnerable to a particular attack
· Halt the machine via an unapproved or abnormal procedure
· Engage the attacker

Incident Response and Advanced Forensics
In this course, you will gain an introduction to Incident Response, learn how to develop three important protection plans, perform advanced forensics on the incident, deep dive into insider and malware threats, and commence incident recovery.