Incident Response Tools and Resources
Today we will focus on tools and open source code for James Fritz tells not only of those instruments, but also shares the resources for how to find out how and when to use them, and identifies the source of the attack in his post.
Basically, the majority of incidents at spent most of the time. James proposes to use the OODA loop structure so that you will know when to use which tool and why.
If we carefully analyze the ideas of Boyd, it is clear that there are only two basic ways to achieve victory in the fight against cyber criminals and other violators – an obvious and not. The obvious – make them faster or cycles of action to improve the quality of decisions. The first option will allow you to act on it ahead of the curve and force your opponent to react to your actions, and not vice versa, as often happens in the IB. For example, you might regularly rebuild the defense system, do the exercises on a regular basis, “red-blue”, change the security setting to change the decision to change the banners in the network and application services, etc. The second and less obvious way to make it possible to make decisions that best meet the current situation, what solutions your partner. Well designed solutions can lead to more preferable results than fast, but the inadequate actions of the enemy.
With detailed analysis James Fritz of the best tools with open source for each function, you can see in his post. He gives a detailed table of the activities and tools.