In this video, discover the need for a Definitive Media Library by explaining the importance of having a copy of every piece of software—and their licenses—within the organization to minimize the time it takes to recover.
- [Instructor] In a previous video, … I mentioned the term Definitive Media Library … in reference to the software we're going to use … a definitive media library, or DML is, … and why it's important to us as incident responders. … A definitive media library, or DML, … This means that it has a copy of each and every … or more software libraries, or file storage areas … Or it can be created physically. … 20 years ago, I carried around a binder … with CDs of each and every program … that I might need when working … on a computer during an incident. … For example, I had a copy of Windows 98 and a CD … with all of the updates that I might need. … The key with the definitive media library … checked for malware, and is authorized for use … These days, I don't carry around a binder … a portable hard drive with each piece of software on it. … Now when I need to use it, I check that software … against a list of known good hash values … Another key consideration with … the software resources is licensing. …
Author
Jason Dion
Released
6/21/2019- Differences between events and incidents
- Elements of policies, plans, and procedures
- The structure of the incident response team
- Selecting a team model
- Leading a team during an incident
- Internal information sharing
- Incident prevention
- Detection and analysis
- Containment, eradication, and recovery
- Calculating the cost of an incident
Skill Level Beginner
Duration
Views
-
Introduction
-
The need for a plan2m 34s
-
1. Incident Response Planning
-
Events and incidents4m 56s
-
Elements of a policy6m 12s
-
Elements of a plan5m 13s
-
Elements of a procedure3m 42s
-
-
2. Incident Response Team
-
Different team models6m 46s
-
Selecting a team model6m 3s
-
Incident response personnel5m 13s
-
Organizational dependencies6m 23s
-
3. Communication
-
Coordinating your efforts3m 58s
-
Internal information sharing3m 33s
-
Business impact analysis1m 48s
-
Technical analysis4m 4s
-
External information sharing3m 57s
-
-
4. Preparation
-
Preparation2m 14s
-
Hardware and software4m 22s
-
Software resources2m 56s
-
Incident prevention6m 34s
-
-
5. Detection and Analysis
-
Attack vectors5m 18s
-
Detecting an incident4m 25s
-
Indicators of compromise3m 50s
-
Conducting analysis5m 30s
-
Documenting the incident3m 21s
-
Prioritizing the incident5m 28s
-
Notification procedures2m 11s
-
-
6. Containment, Eradication, and Recovery
-
Containment strategies6m 29s
-
Identifying the attacker3m 4s
-
Eradication and recovery4m 54s
-
-
7. Post-Incident Activity
-
Lessons learned3m 48s
-
Metrics and measures3m 15s
-
Retaining the evidence2m 9s
-
Calculating the cost2m 10s
-
-
Conclusion
-
What to do next2m 17s
-
Take notes with your new membership!
Type in the entry box, then click Enter to save your note.
Press on any video thumbnail to jump immediately to the timecode shown.
Notes are saved with you account but can also be exported as plain text, MS Word, PDF, Google Doc, or Evernote.
Share this video
Embed this video
Video: Software resources