I am in need of an IR template SOP. Can anyone help? It is for a Windows environment.
Can you provide more information? Are you looking for something purely technical, independent of infrastructure? Or are there political and infrastructure issues?
H
You might want to check out FIRST. http://first.org
In addition to FIRST, also consider checking out the NIST Special Publications. One in particular that may be of use is NIST SP800-61, "Computer Security Incident Handling Guide," found here
http//
There are several other NIST SPs that may be of use to you, but the numbers escape me at the moment. SP800-61 has great guidelines for a phased approach to incident response, including checklists for various categories of incidents. It's a long document, but at least check out section 3, Handling an Incident, if nothing else.
-James
This may also help.
http//
Curtis Rose has a very thorough white paper on Windows IR. Not sure where I got it, but if you give me an email I can send.
Thanks everyone. I was looking for a general form, a template so to speak, and now see that I have to do some more research. But to answer some questions, what I am trying to achieve is this: I have a pure Windows shop that consists of a web server located in the DMZ, and I wrote an SOP for reviewing the log files for intrusions and one for acquiring a forensic image. But I would like to write an SOP for handling the intrusion altogether and thought that an IR SOP would best fit.
Hope this helps
ac_forensics…could you post the whitepaper you have? I'd be interested in reviewing it.
I would gladly do so, but I have not started it yet.
Ac_forensics,
Is this what you were referring to?
http//
Harlan