← Back to catalog
IR-4(12)
Malicious Code and Forensic Analysis
Incident Response (IR)
Baselines
Low · Not includedModerate · Not includedHigh · Not included
Description
Analyze malicious code and/or other residual artifacts remaining in the system after the incident.
Discussion
When conducted carefully in an isolated environment, analysis of malicious code and other residual artifacts of a security incident or breach can give the organization insight into adversary tactics, techniques, and procedures. It can also indicate the identity or some defining characteristics of the adversary. In addition, malicious code analysis can help the organization develop responses to future incidents.
Implementation guidance
No content available.
CSF 2.0 crosswalk
No CSF mappings exist for this control.