To many people a compromised computer still looks normal; they may never realise that something is wrong or that the system has been compromised. Incident response lets a large number of attacks be detected at an early stage, and the investigation that follows can be carried out to obtain digital evidence.
Detecting an intrusion in your system is the first important step in incident response. The field is vast, but it is always better to start small: while performing incident response, focus on the suspected systems and on the areas where a breach seems likely.
In this context, incident response amounts to live forensics: examining the running system and collecting evidence from it. This article focuses on how incident response can be performed on a Linux system. To get started with this cheat sheet, switch on your Linux machine and open a terminal to run the commands.
What is Incident Response?
Incident Response can be defined as the course of action taken whenever a computer or network security incident occurs. As an incident responder, you should always know what should and should not be present on your systems.
Security incidents can be identified and handled by:
• examining the running processes
• gaining insight into the contents of physical memory
• gathering details on the hostname, IP addresses, operating system, etc.
• gathering information on system services
• identifying all known and unknown users logged on to the system
• inspecting network connections, open ports and any other network activity
• enumerating the files present on the system
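The checklist above, as one live-response triage script. This is an added example written for this page, not a script from the original article or its author. It assumes a Linux host where /proc is mounted and the usual POSIX tools (awk, find, tail, tr, readlink) are available; the --run flag, the function names and the example output path are this example's own choices. Each section is a separate function so that a responder can run only the checks that matter for the suspected system, and the whole script writes to stdout so the result can be redirected to external media instead of the suspect disk.

```sh
#!/bin/sh
# Added example (not from the original article): minimal Linux live-response
# triage that walks the checklist above using /proc and a few POSIX tools.

# Decode one /proc/net/tcp IPv4 address field ("0100007F:0050") into
# dotted-quad:port ("127.0.0.1:80"). The kernel stores the IP little-endian.
decode_proc_net_addr() {
    hex=${1%%:*}
    port=$((0x${1##*:}))
    o4=${hex%??????}                # first hex byte is the last octet
    t=${hex%????}; o3=${t#??}
    t=${hex%??};   o2=${t#????}
    o1=${hex#??????}                # last hex byte is the first octet
    printf '%d.%d.%d.%d:%d\n' $((0x$o1)) $((0x$o2)) $((0x$o3)) $((0x$o4)) "$port"
}

# Listening IPv4 TCP sockets straight from /proc (state 0A = LISTEN); useful
# when ss/netstat are absent or their output on the host cannot be trusted.
listening_tcp4() {
    [ -r /proc/net/tcp ] || return 0
    tail -n +2 /proc/net/tcp | while read -r _sl laddr _raddr st _rest; do
        if [ "$st" = "0A" ]; then decode_proc_net_addr "$laddr"; fi
    done
}

# Accounts with UID 0; normally exactly one line, "root". Reads the passwd
# file given as $1, or stdin when no argument is supplied.
uid0_accounts() {
    awk -F: '$3 == 0 { print $1 }' ${1:+"$1"}
}

# Hostname, kernel, addresses, uptime and a memory overview. Full physical
# memory acquisition needs a dedicated tool (e.g. LiME); /proc/meminfo is
# only a summary.
host_summary() {
    printf 'hostname: %s\nkernel:   %s\n' "$(uname -n)" "$(uname -srm)"
    printf 'utc now:  %s\n' "$(date -u +%Y-%m-%dT%H:%M:%SZ)"
    printf 'uptime:   %ss\n' "$(cut -d' ' -f1 /proc/uptime 2>/dev/null || echo '?')"
    ip -o -4 addr show 2>/dev/null || hostname -I 2>/dev/null || true
    head -n 3 /proc/meminfo 2>/dev/null || true
}

account_summary() {
    printf '== UID 0 accounts ==\n'; uid0_accounts /etc/passwd
    printf '== accounts with a login shell ==\n'
    awk -F: '$7 !~ /(nologin|false)$/ { print $1 ":" $3 ":" $7 }' /etc/passwd
    printf '== sessions logged in now ==\n'; who 2>/dev/null || true
}

# pid, ppid, uid, executable and command line for every process. A process
# whose executable link is unreadable or reported as deleted deserves a look.
running_processes() {
    for d in /proc/[0-9]*; do
        [ -r "$d/status" ] || continue
        ppid=$(awk '/^PPid:/ { print $2 }' "$d/status" 2>/dev/null || true)
        uid=$(awk '/^Uid:/ { print $2 }' "$d/status" 2>/dev/null || true)
        exe=$(readlink "$d/exe" 2>/dev/null || echo '?')
        cmd=$(tr '\0' ' ' < "$d/cmdline" 2>/dev/null || true)
        printf '%s\t%s\t%s\t%s\t%s\n' "${d#/proc/}" "$ppid" "$uid" "$exe" "${cmd:-[kernel thread]}"
    done
}

# Running services: systemd's view when present, otherwise SysV init scripts.
service_summary() {
    if command -v systemctl >/dev/null 2>&1; then
        systemctl list-units --type=service --state=running --no-pager --no-legend 2>/dev/null || true
    elif [ -d /etc/init.d ]; then
        ls /etc/init.d
    fi
}

# Files changed in the last $1 days (default 1) under common persistence
# locations, and every set-uid executable on local filesystems.
file_summary() {
    days=${1:-1}
    printf '== files modified in the last %s day(s) ==\n' "$days"
    find /etc /root /home /tmp /var/tmp -xdev -type f -mtime "-$days" 2>/dev/null || true
    printf '== set-uid executables ==\n'
    find / -xdev -type f -perm -4000 2>/dev/null || true
}

collect_all() {
    for section in host_summary account_summary running_processes \
                   listening_tcp4 service_summary file_summary; do
        printf '\n##### %s #####\n' "$section"
        "$section"
    done
}

# Only run when asked, e.g.:  sh triage.sh --run > /mnt/usb/triage-$(uname -n).txt
if [ "${1:-}" = "--run" ]; then collect_all; fi
```

The socket decoder is included because /proc/net/tcp is what the kernel itself reports, so it gives a second opinion when a userland tool on the host may have been tampered with; the same applies to reading /proc/[pid]/ directly instead of relying only on ps.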