© Eric C. Thompson 2018
Eric C. Thompson, Cybersecurity Incident Response, https://doi.org/10.1007/978-1-4842-3870-7_9

9. Eradication, Recovery, and Post-incident Review

Eric C. Thompson, Lisle, Illinois, USA

Eradication is the process of removing all the remnants of a cyberattack. It commences once the systems known to be compromised can be taken offline. Eradication covers removing files and reversing the registry and configuration changes that malware and attackers made during the attack. Once all the affected machines are identified and isolated and forensic backups are completed, the company can address the weaknesses exploited by the attackers. These vulnerabilities are patched, and insecure configurations are repaired. In ...
