No Stone Unturned, Part Three

by H. Carvey
Sept. 24, 2017 Symantec Detection & Response incident handling

This is the third installment of a five-part series describing the (mis)adventures of a sysadmin named Eliot and his haphazard journey in discovering “the Way” of incident response. When we left off last time, Eliot had just begun compiling a list of tools that would be helpful in incident investigation when he was interrupted by a call from Dave, a sysadmin with a branch office on the West Coast. Dave had asked for Eliot's assistance with an apparent incident. Now, having begun an investigation, Eliot was baffled and had asked Dave for some clarifying information.