Incident Response

Chaves de registro
Write Protect ON/OFF – Bloqueio ou desbloqueio de gravação em USB via registry
Long Paths Enable – Habilita caminhos com mais de 260 caracteres no Windows 10 via registry

NIST SP 800 (Guidance)

  1. NIST SP 800-37 Rev. 2,  Risk Management Framework
  2. NIST SP 800-53 Rev.5, Security and Privacy Controls 
  3. NIST SP 800-61, Computer Security Incident Handling Guide
  4. NIST SP 800-83, DRAFT Guide to Malware Incident Prevention and Handling for Desktops and Laptops
  5. NIST SP 800-86, Guide to Integrating Forensic Techniques
  6. NIST SP 800-100, Information Security Handbook
  7. NIST SP 800-101 Rev.1, Guidelines on Mobile Devices Forensics
  8. NIST SP 800-202, Quick Start for Populating Mobile Test Devices
  9. All Special Publications series 800 – SP 800

SANS INSTITUTE

  1. SANS Incident Handler’s Handbook
  2. SANS Intrusion Detection Checklist for Linux
  3. SANS Intrusion Detection Checklist for Windows
  4. Security Intelligence: Attacking the Cyber Kill Chain by Mike Cloppert

Outras fontes

  1. Software Engineering Institute white paper on memory image analysis on Windows (CERT)
  2. 9 Automated Online Sandbox Services to Analyze Suspicious File’s Behavior  (Raymond.cc)