In this video, discover the various hardware and software products that are needed by the incident response team in their toolkits.
- [Instructor] The next area to consider in your preparation … you're going to need inside your incident response toolkit … for you to be effective during a response. … It's important to figure this out during the preparing stage … because your organization needs to purchase all these items, … configure them and train your teams how to use them all … before an incident actually occurs. … The first thing you're going to need … digital forensics workstation and backup devices. … These are used to make disk images, … capture logs and save other information … during your evidence collection within the incident. … A forensics workstation will also be used … to conduct analysis of any disk images … that are captured by members of your team. … like the forensic toolkit known as FTK or EnCase. … These software packages are quite expensive … and can run between 5 and $10 thousand or more. … They also require proper training to use them effectively … so it's important to budget … for their annual license and training costs …
Released 6/21/2019
- Differences between events and incidents
- Elements of policies, plans, and procedures
- The structure of the incident response team
- Selecting a team model
- Leading a team during an incident
- Internal information sharing
- Incident prevention
- Detection and analysis
- Containment, eradication, and recovery
- Calculating the cost of an incident
Skill Level Beginner
Introduction
- The need for a plan (2m 34s)

1. Incident Response Planning
- Events and incidents (4m 56s)
- Elements of a policy (6m 12s)
- Elements of a plan (5m 13s)
- Elements of a procedure (3m 42s)

2. Incident Response Team
- Different team models (6m 46s)
- Selecting a team model (6m 3s)
- Incident response personnel (5m 13s)
- Organizational dependencies (6m 23s)

3. Communication
- Coordinating your efforts (3m 58s)
- Internal information sharing (3m 33s)
- Business impact analysis (1m 48s)
- Technical analysis (4m 4s)
- External information sharing (3m 57s)

4. Preparation
- Preparation (2m 14s)
- Hardware and software (4m 22s)
- Software resources (2m 56s)
- Incident prevention (6m 34s)

5. Detection and Analysis
- Attack vectors (5m 18s)
- Detecting an incident (4m 25s)
- Indicators of compromise (3m 50s)
- Conducting analysis (5m 30s)
- Documenting the incident (3m 21s)
- Prioritizing the incident (5m 28s)
- Notification procedures (2m 11s)

6. Containment, Eradication, and Recovery
- Containment strategies (6m 29s)
- Identifying the attacker (3m 4s)
- Eradication and recovery (4m 54s)

7. Post-Incident Activity
- Lessons learned (3m 48s)
- Metrics and measures (3m 15s)
- Retaining the evidence (2m 9s)
- Calculating the cost (2m 10s)

Conclusion
- What to do next (2m 17s)
Video: Hardware and software