SEC504: Hacker Tools, Techniques, and Incident Handling

Experience SANS training through course previews.
Learn MoreLet us help.
Contact usBecome a member for instant access to our free resources.
Sign UpWe're here to help.
Contact UsAccording to SANS, there are six steps involved in properly handling a computer incident: Preparation, Identification, Containment, Eradication, Recovery, and Lessons Learned. Incident Management 101 provides guidelines, procedures, and tools designed to assist security specialists with the first two phases of Incident Management Preparation and Initial Response (aka Identification phase). The intended audience is for incident handlers who are responding to suspicious activity (versus malicious code or DOS attacks) on both Unix and Windows systems. The guidelines, procedures and tools described are intended for business recovery, not for legal purposes such as preservation of evidence, forensic analysis, or prosecution.