SANS InfoSec Reading Room - Incident Handling

Most of the computer security white papers in the Reading Room have been written by students seeking GIAC certification to fulfill part of their certification requirements and are provided by SANS as a resource to benefit the security community at large. SANS attempts to ensure the accuracy of information, but papers are published "as is". Errors or inconsistencies may exist or may be introduced over time as material becomes dated. If you suspect a serious error, please contact webmaster@sans.org.

Featuring 42 papers as of May 12, 2008
Breach Notification in Incident Handling
Jeffery Buffington
March 4, 2008
- download paper PDF
Espionage - Utilizing Web 2.0, SSH Tunneling and a Trusted Insider
Ahmed Abdel-Aziz
February 11, 2008
- download paper PDF
Baselines and Incident Handling
Chris Christianson
January 29, 2008
- download paper PDF
Documentation is to Incident Response as an Air Tank is to Scuba Diving
Chet Langin
December 11, 2007
- download paper PDF
Multi-Tool DVD Sets: An important addition to the Incident Handler/ Pen Tester's toolkit
Jamal Bandukwala
November 20, 2007
- download paper PDF
Creating and Managing an Incident Response Team for a Large Company
Timothy Proffitt
July 18, 2007
- download paper PDF
An Incident Handling Process for Small and Medium Businesses
Mason Pokladnik
June 18, 2007
- download paper PDF
International Cybercrime Treaty: Looking Beyond Ratification
Daniel Robel
March 28, 2007
- download paper PDF
Pros and Cons of using Linux and Windows Live CDs in Incident Handling and Forensics
RickyD Smith
February 9, 2007
- download paper PDF
Secure File Deletion: Fact or Fiction?
John R. Mallery
January 18, 2007
- download paper PDF
Incident Management 101 Preparation & Initial Response (aka Identification)
Robin Dickerson
January 17, 2005
- download paper PDF
Reporting Incidents to an ISP with BlackICE ClearICE Report Utility and the Importance of Submitting Firewall Logs to the Dshield.org Project
Victor Arnaud
March 9, 2004
- download paper PDF
Building an Incident Response Program To Suit Your Business
Tia R. Osborne
October 31, 2003
- download paper PDF
Developing a Computer Forensics Team
Christine Vecchio-Flaim
October 31, 2003
- download paper PDF
Proposed Conceptual Tools for Managing Cost and Complexity When Securing Networks
Kathleen E. Howard
October 31, 2003
- download paper PDF
Identify Intrusions with Microsoft Proxy Server, Web Proxy Service and WinSock Proxy Service Log Fil
Saundra Coward
October 31, 2003
- download paper PDF
Nailing the Intruder
Vinay Narayan Disley
October 31, 2003
- download paper PDF
Reporting Unauthorized Intrusions: A "How To" Guide
Melton J. Roland
October 31, 2003
- download paper PDF
The Enemy Within: The Role of the Security Administrator in Apprehending and Terminating the Malicio
Robin Stuart
October 31, 2003
- download paper PDF
Successful Partnerships for Fighting Computer Crime
Beth Binde
October 31, 2003
- download paper PDF
Information Security: Handling Compromises
Craig L. Bowser
October 31, 2003
- download paper PDF
Collection and Dissemination of Computer and Internet Security Related Information
Scott Fox
October 31, 2003
- download paper PDF
Adventures in Computer Forensics
Diana J. Michaud
October 31, 2003
- download paper PDF
CodeRed II: Incident Handling Process and Procedures
Michael Goodwin
October 31, 2003
- download paper PDF
Investigating an Internal Case of Internet Abuse
Mal Wright
October 31, 2003
- download paper PDF
Computer Incident Response Team
Michelle Borodkin
October 31, 2003
- download paper PDF
Incident Response and Creating the CSIRT in Corporate America
Chris Thompson
October 31, 2003
- download paper PDF
An Overview of Disk Imaging Tool in Computer Forensics
Madihah Mohd Saudi
October 31, 2003
- download paper PDF
Combating Computer Crime
Jason Upchurch
October 31, 2003
- download paper PDF
Corporate Incident Handling Guidelines
David Theunissen
October 31, 2003
- download paper PDF
From Events to Incidents
Charles Pham
October 31, 2003
- download paper PDF
Computer Forensics: Introduction to Incident Response and Investigation of Windows NT/2000
Norman Haase
October 31, 2003
- download paper PDF
Computer Forensic Legal Standards and Equipment
Damian Tsoutsouris
October 31, 2003
- download paper PDF
One Incident Of Remediating The CRC 32 sshd1 Vulnerability
Rebecca Sander
October 31, 2003
- download paper PDF
Deterring Cyber Attacks
Christy Bilardo
October 31, 2003
- download paper PDF
The Coroners Toolkit - In depth
Clarke L. Jeffris
October 31, 2003
- download paper PDF
Computer Forensics - We've Had an Incident, Who Do We Get to Investigate?
Karen Ryder
October 31, 2003
- download paper PDF
What You Don't See On Your Hard Drive
Brian Kuepper
October 31, 2003
- download paper PDF
Forgetting to Lock the Back Door: A Break-in Analysis on a Red Hat Linux 6.2 Machine
Gary Belshaw
October 31, 2003
- download paper PDF
Building a Low Cost Forensics Workstation
Matthew McMillon
October 31, 2003
- download paper PDF
Implementing a Computer Incident Response Team in a Smaller, Limited Resource Organizational Setting
Mary Hall
October 31, 2003
- download paper PDF
Windows Responders Guide
Koon Yaw Tan
October 31, 2003
- download paper PDF
