What are the Key Skills for Your Organization?
Upasana Gupta, Contributing Editor
Nearly a year ago, IBM's client organization suffered a major malware attack. When Don Weber, then an incident response professional with IBM, arrived on-site with his team, they demonstrated timeline-based analysis that quickly provided them with system-based artifacts associated with the malware on the compromised systems.
Although the malware solutions were able to tell them which systems were currently infected, they had no way of telling which systems had been compromised, or whether the malware had been removed or instead rolled over to something that was not being detected.
Using the information available, Weber and his team took a step back from data analysis and developed a Perl-based tool that could run on live systems and detect specific registry keys. The client's security team was able to distribute this tool and reach all of their resources. This allowed them to systematically (over the course of several days) identify approximately 10 systems out of over 30,000 that needed to be added to the scope of the incident.
To read the entire article, see http://www.govinfosecurity.com/articles.php?art_id=3060&rf=2010-11-05-eg&
Friday, November 5, 2010