first commit
@@ -0,0 +1,7 @@
## Incident Response
The four major phases of the incident response process are:
1. **Preparation:** This requires a team trained and ready to handle incidents. Ideally, various measures are put in place to prevent incidents from happening in the first place.
1. **Detection and Analysis:** The team has the necessary resources to detect any incident; moreover, it is essential to further analyze any detected incident to learn about its severity.
1. **Containment, Eradication, and Recovery:** Once an incident is detected, it is crucial to stop it from affecting other systems, eliminate it, and recover the affected systems. For instance, when we notice that a system is infected with a computer virus, we would like to stop (contain) the virus form spreading to other systems, clean (eradicate) the virus, and ensure proper system recovery.
1. **Post-Incident Activity:** After successful recovery, a report is produced, and the learned lesson is shared to prevent similar future incidents.
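Review bot: The Containment, Eradication, and Recovery item has a typo: "stop (contain) the virus form spreading" should read "from spreading". In the Post-Incident Activity item, "the learned lesson is shared" reads better as "the lessons learned are shared". The Detection and Analysis item states what the team has ("The team has the necessary resources to detect any incident") rather than what the phase does, unlike the other three items; consider rephrasing it as an activity so the four entries are parallel.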