Lesson Summary:

In this lab you will gain familiarity with the incident handling process by examining artifacts of a potential network security incident and making recommendations to network administrators to limit exposure to future incidents. You will focus on the 6 phases of incident handling:

• Preparation
• Identification
• Containment
• Eradication
• Recovery
• Lessons Learned

Lesson Objectives:

• Apply the 6 steps of Incident Response
• Apply knowledge of the 6 Phase Attack Cycle
• Use traffic analysis to understand a network incident
• Use system logs to identify suspicious user action

Tasks Prior to Class:

Additional Material/Resources

• Lab9 Instructions
• Incident Handling tex file
• Lab Diagram
• Lab9 Materials