SANS InfoSec Reading Room - Incident Handling
Most of the computer security white papers in the Reading Room have been written by students seeking GIAC certification to fulfill part of their certification requirements and are provided by SANS as a resource to benefit the security community at large. SANS attempts to ensure the accuracy of information, but papers are published "as is". Errors or inconsistencies may exist or may be introduced over time as material becomes dated. If you suspect a serious error, please contact webmaster@sans.org.
Featuring 42 papers as of May 12, 2008
- Breach Notification in Incident Handling
- Jeffery Buffington
- March 4, 2008

- Espionage - Utilizing Web 2.0, SSH Tunneling and a Trusted Insider
- Ahmed Abdel-Aziz
- February 11, 2008

- Baselines and Incident Handling
- Chris Christianson
- January 29, 2008

- Documentation is to Incident Response as an Air Tank is to Scuba Diving
- Chet Langin
- December 11, 2007

- Multi-Tool DVD Sets: An important addition to the Incident Handler/ Pen Tester's toolkit
- Jamal Bandukwala
- November 20, 2007

- Creating and Managing an Incident Response Team for a Large Company
- Timothy Proffitt
- July 18, 2007

- An Incident Handling Process for Small and Medium Businesses
- Mason Pokladnik
- June 18, 2007

- International Cybercrime Treaty: Looking Beyond Ratification
- Daniel Robel
- March 28, 2007

- Pros and Cons of using Linux and Windows Live CDs in Incident Handling and Forensics
- RickyD Smith
- February 9, 2007

- Secure File Deletion: Fact or Fiction?
- John R. Mallery
- January 18, 2007

- Incident Management 101 Preparation & Initial Response (aka Identification)
- Robin Dickerson
- January 17, 2005

- Reporting Incidents to an ISP with BlackICE ClearICE Report Utility and the Importance of Submitting Firewall Logs to the Dshield.org Project
- Victor Arnaud
- March 9, 2004

- Building an Incident Response Program To Suit Your Business
- Tia R. Osborne
- October 31, 2003

- Developing a Computer Forensics Team
- Christine Vecchio-Flaim
- October 31, 2003

- Proposed Conceptual Tools for Managing Cost and Complexity When Securing Networks
- Kathleen E. Howard
- October 31, 2003

- Identify Intrusions with Microsoft Proxy Server, Web Proxy Service and WinSock Proxy Service Log Fil
- Saundra Coward
- October 31, 2003

- Nailing the Intruder
- Vinay Narayan Disley
- October 31, 2003

- Reporting Unauthorized Intrusions: A "How To" Guide
- Melton J. Roland
- October 31, 2003

- The Enemy Within: The Role of the Security Administrator in Apprehending and Terminating the Malicio
- Robin Stuart
- October 31, 2003

- Successful Partnerships for Fighting Computer Crime
- Beth Binde
- October 31, 2003

- Information Security: Handling Compromises
- Craig L. Bowser
- October 31, 2003

- Collection and Dissemination of Computer and Internet Security Related Information
- Scott Fox
- October 31, 2003

- Adventures in Computer Forensics
- Diana J. Michaud
- October 31, 2003

- CodeRed II: Incident Handling Process and Procedures
- Michael Goodwin
- October 31, 2003

- Investigating an Internal Case of Internet Abuse
- Mal Wright
- October 31, 2003

- Computer Incident Response Team
- Michelle Borodkin
- October 31, 2003

- Incident Response and Creating the CSIRT in Corporate America
- Chris Thompson
- October 31, 2003

- An Overview of Disk Imaging Tool in Computer Forensics
- Madihah Mohd Saudi
- October 31, 2003

- Combating Computer Crime
- Jason Upchurch
- October 31, 2003

- Corporate Incident Handling Guidelines
- David Theunissen
- October 31, 2003

- From Events to Incidents
- Charles Pham
- October 31, 2003

- Computer Forensics: Introduction to Incident Response and Investigation of Windows NT/2000
- Norman Haase
- October 31, 2003

- Computer Forensic Legal Standards and Equipment
- Damian Tsoutsouris
- October 31, 2003

- One Incident Of Remediating The CRC 32 sshd1 Vulnerability
- Rebecca Sander
- October 31, 2003

- Deterring Cyber Attacks
- Christy Bilardo
- October 31, 2003

- The Coroners Toolkit - In depth
- Clarke L. Jeffris
- October 31, 2003

- Computer Forensics - We've Had an Incident, Who Do We Get to Investigate?
- Karen Ryder
- October 31, 2003

- What You Don't See On Your Hard Drive
- Brian Kuepper
- October 31, 2003

- Forgetting to Lock the Back Door: A Break-in Analysis on a Red Hat Linux 6.2 Machine
- Gary Belshaw
- October 31, 2003

- Building a Low Cost Forensics Workstation
- Matthew McMillon
- October 31, 2003

- Implementing a Computer Incident Response Team in a Smaller, Limited Resource Organizational Setting
- Mary Hall
- October 31, 2003

- Windows Responders Guide
- Koon Yaw Tan
- October 31, 2003
