A cyber-incident response analyst is investigating a suspected cryptocurrency miner on a company’s server. Which of the following is the FIRST step the analyst should take?

Posted on By admin No Comments on A cyber-incident response analyst is investigating a suspected cryptocurrency miner on a company’s server. Which of the following is the FIRST step the analyst should take?

[TABS_R id=10964]

A cyber-incident response analyst is investigating a suspected cryptocurrency miner on a company’s server.

Which of the following is the FIRST step the analyst should take?

  • Create a full disk image of the server’s hard drive to look for the file containing the malware.
  • Run a manual antivirus scan on the machine to look for known malicious software.
  • Take a memory snapshot of the machine to capture volatile information stored in memory.
  • Start packet capturing to look for traffic that could be indicative of command and control from the miner.

[TABS_R id=10964]

Uncategorized
0 0 votes
Article Rating
Subscribe
Notify of
guest
0 Comments
Inline Feedbacks
View all comments
0
Would love your thoughts, please comment.x
()
x