Incident Handling Process Overview
The incident handling process defines a capability for organizations to prepare for, detect, and respond to malicious events.

investigating and recovering. The investigation aims to:
- Discover the initial 'patient zero' victim and create an incident timeline (ongoing if the incident is still active)
- Determine what tools and malware the adversary used 
- Document the compromised systems and what the adversary has done 