Goodpods logo
Goodpods

Log in

goodpods headphones icon

To access all our features

Open the Goodpods app
Close icon
TLP - The Digital Forensics Podcast - Episode 3 - (Part 2) NIST SP 800-61 Computer Security Incident Handling Guide (Detection)

Episode 3 - (Part 2) NIST SP 800-61 Computer Security Incident Handling Guide (Detection)

05/31/24 • 11 min

TLP - The Digital Forensics Podcast

Send us a text

In this conclusion of the Detection phase, Clint wraps up Incident Prioritisation. This includes Functional impacts of the incident, information impact of the incident and the recoverability of the incident.
Not all of these are needed, or relevant when tracking your incident and Clint explains when to categorise incidents using these factors.
To finish off, Clint discusses incident notification - Who are the stakeholders that need to be informed and included in your incident response process, and how will they be notified?
Auscert: www.auscert.org.au

plus icon
bookmark

Send us a text

In this conclusion of the Detection phase, Clint wraps up Incident Prioritisation. This includes Functional impacts of the incident, information impact of the incident and the recoverability of the incident.
Not all of these are needed, or relevant when tracking your incident and Clint explains when to categorise incidents using these factors.
To finish off, Clint discusses incident notification - Who are the stakeholders that need to be informed and included in your incident response process, and how will they be notified?
Auscert: www.auscert.org.au

Previous Episode

undefined - Episode 3 - NIST SP 800-61 Computer Security Incident Handling Guide (Detection)

Episode 3 - NIST SP 800-61 Computer Security Incident Handling Guide (Detection)

Send us a text

In this 45 minute episode Clint covers a lot of ground based on the Detection phase of NIST 800-61.
Attack vectors for digital security incidents, including insider threats and weaponized USBs.
Cybersecurity incident response and detection, including NIST guidelines and Sysmon logging augmentation
The importance of following temporal linearity in Forensic Investigations, expanding analysis to 5-10 minutes prior to and after events, particularly in Internet History and Memory Dumps
Building a baseline of activity through network pcaps and log analysis
Why synchronised clocks are important?
How detailed notes help in your investigations

Next Episode

undefined - Episode 4 - NIST SP 800-61 Computer Security Incident Handling Guide (Containment,Eradication and Recovery)

Episode 4 - NIST SP 800-61 Computer Security Incident Handling Guide (Containment,Eradication and Recovery)

Send us a text

Show Notes: Episode on Containment, Eradication, and Recovery

In this episode of Traffic Light Protocol, Clint Marsden explores the containment, eradication, and recovery phases of the NIST SP 800-61 framework for computer security incident handling.

Key Topics Covered:

  • Containment Strategies: Choosing appropriate containment methods based on the incident type, potential damage, service availability, and evidence preservation. Examples include power disconnection and network isolation.
  • Real-World Example: Clint shares an incident response case where premature action against attackers led to a total domain takeover.
  • Evidence Gathering and Handling: The use of tools like write blockers to preserve evidence integrity.
  • Threat Analysis: Highlights passive techniques for analysing threats without alerting attackers, such as remote log analysis and OPSEC to track attackers
  • Restoration and Recovery: Covers steps to restore systems to normal operations, including vulnerability patching, backup restoration, and password resets.
  • Future Considerations: Suggests engaging with external vendors for comprehensive incident response and utilizing threat intelligence platforms.

Join Clint Marsden as he guides you through the intricacies of incident response, helping you enhance your digital forensics skills. Follow Clint Marsden on LinkedIn (https://www.linkedin.com/in/clintmarsden/) and TLP on Linked In https://www.linkedin.com/company/traffic-light-protocol-the-digital-forensics-podcast-tlp for more updates and insights.

If you like this episode you’ll love
ITSPmagazine Podcasts

ITSPmagazine Podcasts

Channels with Peter Kafka

Channels with Peter Kafka

Darknet Diaries

Darknet Diaries

a16z Podcast

a16z Podcast

Aspen Ideas to Go

Aspen Ideas to Go

Episode Comments

Generate a badge

Get a badge for your website that links back to this episode

Select type & size
Open dropdown icon
share badge image

<a href="https://goodpods.com/podcasts/tlp-the-digital-forensics-podcast-499070/episode-3-part-2-nist-sp-800-61-computer-security-incident-handling-gu-65954508"> <img src="https://storage.googleapis.com/goodpods-images-bucket/badges/generic-badge-1.svg" alt="listen to episode 3 - (part 2) nist sp 800-61 computer security incident handling guide (detection) on goodpods" style="width: 225px" /> </a>

Copy