
A Practical Example of Incident Response to a Network Based Attack

A Practical Example of Incident Response to a Network Based Attack (PDF, 4.01MB)
Published: 16 Aug, 2017
Created by: Gordon Fraser

A commonly accepted Incident Response (IR) process includes six phases: Preparation, Identification, Containment, Eradication, Recovery, and Lessons Learned. This paper examines this process in the context of a practical working example of a network-based attack. It begins with the identification of a potential incident, followed by the detailed analysis of the network traffic to reconstruct the actions of the attacker, and leads up to determining indicators of compromise that can be used to identify other victims. This paper provides a practical example of responding to a network-based incident.
