IR-4(12)

  • Requirement

    Analyze malicious code and/or other residual artifacts remaining in the system after the incident.

  • Discussion

    When conducted carefully in an isolated environment, analysis of malicious code and other residual artifacts of a security incident or breach can give the organization insight into adversary tactics, techniques, and procedures. It can also indicate the identity or some defining characteristics of the adversary. In addition, malicious code analysis can help the organization develop responses to future incidents.

More Info

  • Title

    Incident Handling | Malicious Code and Forensic Analysis
  • Family

    Incident Response
  • NIST 800-53B Baseline(s)

    • Related NIST 800-53 ID

    NIST 800-53A Assessment Guidance

    CMMC Training

    Our CMMC Overview Course simplifies CMMC. Enroll so you can make informed decisions!