Let's go ahead, and take a good look at the eradication tools that you might use in the event that you're working on the eradication part of your response effort. Now, one thing that's going to be apparent here when you move into the next section, which is the recovery section, some of the tools are the same, and we're really looking at imaging software backup software, antivirus, vulnerability scanners, port scanners, patch management tools. All these things will be used as you eradicate, you reimagine machines, you definitely going to need your imaging software, and backup software for that. As you check to make sure that the freshly imaged, freshly updated machines aren't infected with something, you're going to need your AV, and your hips, and all that for that. You'll definitely want to probably use vulnerability scanners, and port scanners to see if any vulnerability still exist or you've introduced new ones in your effort to restore things back, and obviously patch management to make sure you've patched all the way back up to where you're supposed to. With the imaging software, you need that to restore computer user images back to a clean state, and you want to make sure that before there's an actual incident that you have had the opportunity to basically verify that you're able to get these images in a reasonable amount of time. We've seen this breakdown, where there's an incident, and then we need to get images, and the organization they have an issue getting to the images, and getting them pushed out in a reasonable amount of time or at least at scale. You also want to consult with disaster recovery, and business continuity for recovery times, and mean times to recovering things like that, and recovery point objectives, and all that good stuff because they have a lot of the numbers, and a lot of the metrics that you're going to need to figure out how long it would take to do this or if we had to restore 100 machines on this segment of the network, what would that look like? They already know this information, they've got it documented. It may be wise for you to try to communicate with them, and get that information. With antivirus, as we said, you will need to check to make sure that when you restore images, and then apply all those software things that you haven't restored an infection back into the environment. If there is a new malware signatures scan the images as well because as we've said before, and will say it again a lot of times your images, your master images may be compromised. Sometimes the first round of effort to eradicate fails, it happens. It really happens, you won't need to do this verification. There could be devices that were not at the office at the time or whatever the case may be. Now, for vulnerability scanners, and port scanners, this will help you a lot of times if we know what the vulnerabilities were that caused a data breach to happen in the first place. A lot of times using port scanners, and vulnerability scanners can help us see if that root cause vulnerability still exist after we've done our eradication, and recovery, and all that good stuff because it really should include patching that vulnerability, that's part of what should be in there. Sometimes specific open ports can be signs of infection, certain ports are open, that's never opened, we don't have standard usages for that port, that would definitely be considered something, that's a bad thing. Now when you get to the end of this course, and look at the deep dive technical skills, you will see a lot of examples of what we're talking about there as I go through some of the forensics, and stuff like that. Some basically make sure the required tools are accessible, and functional, and another important thing is you want to make sure that with all the things that we just talk about, people are actually trained up on it. Just because your IR team has access to these tools, it doesn't mean that they can actually sit down with that tool, and do functionally what they need to do with that tool at the time. We want to reiterate here making sure they're trained up on it. Thank you for tuning into this skill session, and I hope to see you again in another one very soon.
