
Orion Incident Response Live CD


Figure 11: RTIR Incident

The installation of RTIR in Orion stores incident information in a MySQL database. This database can be accessed and manipulated using any tool that supports MySQL. For example, the mysqlhotcopy command can be used to make a backup of the RTIR database:

mysqlhotcopy --user=<userid> --password=<password> rt3 /backup

Future versions of Orion will include scripts to automate the backup, validation, and restoration of the RTIR database. This will allow case tracking data to be archived for a specific incident. The released version of Orion will include a script to archive the RTIR database and any other data related to the incident.
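One way to script the backup and validation steps described above, as an added example that is not Orion's own script: the function names, the MANIFEST.sha256 file and the per-case destination directory are assumptions, and GNU coreutils and findutils are assumed to be present. The manifest lets a restored copy of the case data be checked for modified, missing or added files.

```shell
#!/bin/sh
# Added example (not part of Orion): archive the RTIR database for one case
# and make the copy verifiable before it is restored or handed over.

# Write a SHA-256 manifest covering every file under the backup directory.
write_manifest() (
    cd "$1" || exit 1
    find . -type f ! -name MANIFEST.sha256 -print0 | sort -z |
        xargs -0 -r sha256sum > MANIFEST.sha256
)

# Succeed only if every listed file is unchanged and no file was added.
verify_manifest() (
    cd "$1" || exit 1
    sha256sum --quiet -c MANIFEST.sha256 >&2 || exit 1
    listed=$(wc -l < MANIFEST.sha256)
    present=$(find . -type f ! -name MANIFEST.sha256 | wc -l)
    [ "$listed" -eq "$present" ]
)

# Copy the rt3 database into a per-case directory (hypothetical layout,
# for example /backup/<case-id>) and record the manifest.
backup_rtir() (
    dest=$1
    umask 077                       # case data readable by the owner only
    mkdir -p "$dest" || exit 1
    # No --password on the command line: mysqlhotcopy reads credentials from
    # the [client] / [mysqlhotcopy] groups of the user's MySQL option file,
    # which keeps the password out of the process list and shell history.
    mysqlhotcopy rt3 "$dest" || exit 1
    write_manifest "$dest/rt3"
)

# Usage: script backup <dir>   or   script verify <dir>/rt3
case "${1:-}" in
    backup) backup_rtir "$2" ;;
    verify) verify_manifest "$2" ;;
esac
```

Run the verify step before any restoration, and keep a copy of MANIFEST.sha256 apart from the backup media so that the manifest cannot be rewritten along with the files.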

6.4. Secure Communication

Communication during incident response must be trustworthy, but it also needs to be full-featured. Attackers can hamper the ability of the incident handling team to provide a timely response simply by creating doubt in the trustworthiness of normal communication channels. If the email system has been compromised, how does the team keep abreast of the situation? If normally used instant messaging systems are

John Jarocki, john.jarocki@gmail.com
