Operations and Incident Response

From Smithnet Wiki
Revision as of 21:02, 17 February 2023 by NickPGSmith (talk | contribs) (1 revision imported)
Jump to navigation Jump to search

Incident Response Programs

Build and incident response program

Creating an incident response team

Incident response communication plan

Incident identification

Escalation and notification

Mitigation

Incident eradiation and recovery

Validation

Post0incident activities

Incident response exercises

Attack Frameworks

MITRE ATT&CK

Diamond Model of Intrusion Analysis

Cyber kill chain analysis

Incident Investigation

Logging security information

Security information and event management

Cloud audits and investigations

Forensic Techniques

Conducting investigations

Evidence types

Introduction to forensics

System and file forensics

File carving

Creating forensic images

Digital forensic images

Operating system analysis

Password forensics

Network forensics

Software forensics

Mobile device forensics

Embedded device forensics

Chain of custody

eDiscovery and evidence production

Explitation frameworks

Retrieved from ‘https://www.smithnet.org.uk/wiki/index.php?title=Operations_and_Incident_Response&oldid=474