This article explains how a disk image can be taken from a virtual machine running on the public cloud. The acquired disk image can then be used with offline forensic tools like Autopsy and Encase.
Category: Incident Response
Grand List of Incident Management Frameworks
Forming a Computer Security Incident Response Team (CSIRT) is a complicated affair. It involves a certain combination of staff, processes and technologies.
Luckily, numerous incident management frameworks are available for the rescue. They all aim to provide a structured approach for establishing incident response teams in your organisation.
This post provides a general overview of the most popular incident management frameworks.
Should SOCs monitor application or infrastructure logs for suspicious events?
We learned from the previous article that SOCs/Incident Response teams should be looking for threats that represent high-level risks to the normal business activities.
We know the who, but how can we define what needs to be protected?
Assume your company has over a thousand business applications. They are hosted in multiple data centres as well as in the cloud. There are Windows and Linux hosts, and many of these are not patched of course. On top of that, nobody knows who owns them.
The following article cuts through this complexity and explains a simple approach.
Risk-Driven Incident Response
Psst! Do you wanna protect your company from security incidents?
But what you have is hundreds of apps, your infrastructure looks like a bowl of spaghetti and the company is short on resources? Don’t worry, it’s doable with careful planning!
This risk-based incident response framework lets you target the most critical things at your organisation. Keep on reading and your incident response team will operate as a powerful sniper rifle, rather than a clunky shotgun.
Ransomware Playbook for Managing Infections
Ransomware is a variation of malicious software that encrypts the victim’s files without any consent, then demands a ransom in exchange for the decryption keys. This is a lucrative, multi-million-dollar business model, which targets hundreds of thousands of users each day.
Files becoming unavailable could lead to the disruption of normal business activities, therefore it costs money. A formal incident response playbook with effective pre-designed instructions, however, helps minimize the impact on the business.
Writing Incident Response Runbooks
Incident response runbook (aka. playbook, “use case”) is a written guidance for identifying, containing, eradicating and recovering from cyber security incidents.
Check out this practical guide that walks you through the runbook development process for tackling phishing campaigns.