– Analyze the backups
  • Attempt to determine how the system was compromised
  • Search for signs the attacker has moved to other systems
– If possible, the attacker should not be made aware that you have noticed them
– Keep management and the Incident Response command center informed