Incident Response

An incident response consists of four main phases which occur in a cycle: assessment of scope, containment, acquisition and preservation of evidence, and analysis. Investigators assess the scope of an incident to estimate business impact and to determine how to contain the situation. Containment serves to both limit the impact of an incident, and to prevent the deterioration of evidence. Investigators then acquire relevant evidence and establish a chain of custody to preserve it for further analysis. Analysis of the evidence is then performed to determine if the original estimated scope of the incident response was adequate.

These four steps repeat until the investigators are reasonably sure the necessary evidence has been contained, acquired, and preserved. The product of an incident response is both the body of evidence collected and the containment of the incident to prevent further business impact. While some analysis will inevitably be undertaken, any conclusions drawn from it are generally incomplete and will require additional deep analysis to validate them. This further analysis can occur in a lab setting without impacting day-to-day operations.

VSR Provides:

Apple iOS / OSX: Foundation NSXMLParser XXE Vulnerability

XML Schema, DTD, and Entity Attacks

IBM WebSphere Commerce: Encrypted URL Parameter Vulnerable to POA

Timothy D. Morgan presents No Crack Required: Cryptanalysis in Real-World Applications at OWASP AppSecUSA 2012.


Contact us by phone,
fax or e-mail:

Phone: 617.933.8919
Fax: 617.933.8920