Incident-Handling Activities

In this final chapter, we look to combine the learning from all the previous chapters in discussing incident handling activities. Specifically, we will look at how the techniques we have previously investigated fit within the National Institute of Standards and Technology Special Publication 800-61 Revision 2 (NIST.SP800-61 r2; Computer Security Incident Handling Guide) and Special Publication 800-86 (NIST.SP800-86; Guide to Integrating Forensic Techniques into Incident Response) guidelines.

The guidelines identify which activities are required throughout the life cycle of an incident. This means that while the Cyber Kill Chain is focused on the timeline of an attack, NIST focuses on the timeline of a defense. NIST also provides guidance on evidence collection and running investigations, which brings us full circle to Section 1!

The ability to communicate using a common framework is related to these guidelines; a concept also covered in the first section of the book.

The following topics will be covered in this chapter:

  • VERIS
  • The phases of incident handling
  • Conducting an investigation