Home Services Intake Form IT Resources About Browse
Command Reference Windows Linux macOS ChromeOS PowerShell Networking Security Keyboard Shortcuts Android MDM iOS MDM Backup Browser Burp Suite Cisco IOS Cleanup Encryption Firewall Git & GitHub Incident Response Recovery Reference Scan Terminal Tools Ubiquiti Virtual Machine Wireshark

Incident Response

Triage, Forensics & Escalation Workflows

๐Ÿงช Triage Scripts (CLI)

CommandPurpose
who -aCheck active sessions and logins
netstat -tulnpList active network connections
ps aux --sort=-%cpuIdentify high CPU processes
df -hCheck disk usage
uptimeReview system load and uptime

๐Ÿ” Forensic Tools

ToolPurpose
AutopsyGUI-based digital forensics platform
VolatilityAnalyze memory dumps for artifacts
FTK ImagerCreate forensic disk images
WiresharkCapture and analyze network traffic
ChkrootkitScan for rootkits on Unix systems

๐Ÿ“ˆ Escalation Logic

StepAction
1. ContainIsolate affected systems from network
2. PreserveCapture logs, memory, and disk images
3. AnalyzeUse forensic tools to identify root cause
4. ReportDocument findings and notify stakeholders
5. RecoverRestore systems and monitor for recurrence