Containment

• Build a Timeline

  • What did we know, when?

• Keep a low profile

  • Don’t use obvious methods

• Bring your own lunch

  • Avoid root kit

• Binary backups

  • Useful for evidence!

Previous slide

Next slide

Back to first slide

View graphic version