WGU C842 Cyber Defense and Counter Measures Tools

1. Incident handling and response steps:
1. Preparation
2. Incident Recording
3. Incident Triage
4. Notification
5. Containment
6. Evidence Gathering and Forensic Analysis
7. Eradication
8. Recovery
9. Post-Incident Activities: Incident Documentation, Incident Impact Assessment, Review and Revise Policies, Close the Investigation, Incident Disclosure
2. Risk assessment and management tools: PILAR – helps incident handlers assess risks against critical assets of the organization in several dimensions such as confidentiality, integrity, availability, authenticity, and accountability
Other risk assessment tools: A1 Tracker, Risk Management Studio
3. Tools for incident analysis and validation: buck-security – allows incident handlers to identify the security status of a system. It gives an overview of the security status of the system within a couple of minutes
Kiwi Syslog Server – lets you centrally manage syslog messages, generate real-time alerts based on syslog messages, and perform advanced message filtering and message buffering
Splunk Light – a tool for collecting, monitoring, and analyzing log files from servers, applications, or other sources
Other log management tools: Loggly (https://www.loggly.com), InsightOps (https://www.rapid7.com), Logz.io (https://www.logz.io), Logmatic.io (https://www.logmatic.io), Graylog (https://www.graylog.org)
4. Tools for detecting missing security patches: Microsoft Baseline Security Analyzer – MBSA lets incident handlers scan local and remote systems for missing security updates as well as common security misconfigurations
Other patch management tools: GFI LanGuard (https://www.gfi.com), Symantec Client Management Suite (https://www.symantec.com), MaaS360 Patch Analyzer (https://www.ibm.com), SolarWinds Patch Manager (https://www.solarwinds.com), Kaseya Security Patch Management (https://www.kaseya.com), Software Vulnerability Manager (https://www.flexera.com), Ivanti Endpoint Security (https://www.ivanti.com), Patch Connect Plus (https://www.manageengine.com), Automox (https://www.automox.com), Prism Suite (https://www.newboundary.co)
5. Report writing tools: MagicTree – stores data in a tree structure. This is a natural way of representing the information gathered during a network test: a host has ports, which have services, applications, vulnerabilities, etc.
KeepNote – used to store class notes, TODO lists, research notes, journal entries, paper outlines, etc. in a simple notebook hierarchy with rich-text formatting, images, and more
6. Data imaging tools: FTK Imager – a data preview and imaging tool that enables analysis of files and folders on local hard drives, CDs/DVDs, and network drives
R-Drive Image
Other imaging tools: EnCase Forensic (https://www.guidancesoftware.com), Data Acquisition Toolbox (https://in.mathworks.com), RAID Recovery for Windows (https://www.runtime.org), R-Tools R-Studio (https://www.r-studio.com), F-Response Imager (https://www.fresponse.com)
7. Tools for calculating hash values: HashCalc, MD5 Calculator, HashMyFiles
8. Collecting volatile information – System information: tools and commands to collect it: systeminfo.exe (Windows), PsInfo (Windows), cat (Linux), uname (Linux)