Intro to Cyber Incident Response Series
Learn Brian Carrier’s "Divide and Conquer" Approach.
Upgrade Your IR Approach
Many organizations (large and small) are starting to think more formally about incident response and how to properly deal with incidents. This series outlines our approach to cyber incident response.
It’s based on a core principle of “Divide and Conquer”, which breaks big investigative questions (such as “Is this computer compromised?”) into smaller and smaller questions until you reach one that can be answered with simple data (such as “Are there suspicious startup items?”).