Security Incidents mailing list archives
RE: Incident investigation methodologies
From: "Gaydosh, Adam" <GaydoshA () ctcgsc org>
Date: Fri, 4 Jun 2004 11:51:41 -0400
In response to:
To try again...what I'm suggesting is a documented, verifiable, repeatable methodology for incident response. I'm aware that the implemented methodology will have to be specific to the platform (i.e., Windows, Linux, *nix, *BSD, etc.). I'm also aware that the framework will have to be flexible enough to allow new information to be incorporated.
I think that NIST SP 800-61, Computer Security Incident Handling Guide, January 2004 [http://csrc.nist.gov/publications/nistpubs/index.html], should cover that quite conclusively. As a side note, I think the folks at NIST put out lots of great pubs that are sorely under-utilized, not only by other agencies but by the InfoSec community at large...no need to duplicate efforts. Anyways, this framework seems to be quite a bit more general than what I thought you were requesting in your original post, essentially detailed CERT bulletins analyzing real-world incidents, to provide more useful field-response-type notes? Seems to me that this is already being done to varying degrees by different communities and may just need to be correlated...from the various A/V and other security vendors' advisories, to many of the papers in the www.rootkit.com vault that analyze specific Windows rootkits, for example. And I'm sure there are tons more! Also, what do you think of the various news portals that try to round this all up, a la http://www.infosyssec.com/? Please let me know if I am way off-base...