Incident Response Discussion
Question Description
- Why is it important to keep case notes? How often should you update them?
- In February 2013, Mandiant published a report that detailed the group known as APT 1. This report outlines the typical attack progression observed at numerous victim organizations. In the section titled APT 1: Attack Lifecycle, the typical process used for internal reconnaissance is described. Using the methodology described, generate a set of indicators that can help your organization identify this type of activity. Note that a methodology indicator does not necessarily identify malware. Consider both host-based and network-based indicators.
- If your evidence sources do not include multiple independent categories, what steps could you take to increase confidence in your conclusions?
- In the customer data loss scenario, a number of steps were taken to verify the customer’s complaints. List at least two other useful steps you could have taken to help verify the customer’s complaints or isolate the source of the data loss.