About this guide
Terms and definitions
Incident Response Basics
  Attack lifecycle (kill chain)
  Incident response steps
Recommended IR process and rules
  Preparation
  Identification
    Incident triggers
    Prioritization guidelines
    Analyzing incidents in SIEM
  Containment
  Eradication
  Recovery
  Lessons learned
Incident response example
  The attack plan
  The incident response
    Preparation (example)
    Identification (example)
    Containment (example)
    Eradication and Recovery (example)
    Lessons learned (example)
Recommended tools and utilities
  Tools for collecting IOC
    Sysinternals utilities
  Tools for creating dumps
    GRR Rapid Response
    Forensic Toolkit
    dd utility
    Belkasoft RAM Capturer
  Tools for analysis
    Kaspersky Threat Intelligence Portal
    Tools for analyzing memory dumps
    Tools for analyzing hard disk dumps
    Strings utility
  Tools for eradication
    Kaspersky Virus Removal Tool
    Kaspersky Rescue Disk
AO Kaspersky Lab
Trademark notices
Shanghai's "One Network for Unified Management" (一网统管): Exploration and Practice. Smart City First, Security as Safeguard
Complete English electronic edition of NIST SP 800-61 Rev. 2 (2012), Computer Security Incident Handling Guide: Recommendations of the National Institute of Standards and Technology. The document seeks to help organizations mitigate the risks from computer security incidents by providing practical guidelines on responding to incidents effectively and efficiently. It includes guidance on establishing an effective incident response program, but its primary focus is on detecting, analyzing, prioritizing, and handling incidents. Organizations are encouraged to tailor the recommended guidelines and solutions to their specific security and mission requirements.
2021-06-16 12:00:15  1.45MB  Tags: NIST 800-61, computer, security