Incident Response Lab - A+ Core 2


Incident Response Process

1. Detect & Identify
Complete the incident report form
2. Containment Actions
Isolate the workstation from the network (unplug the cable or disable Wi-Fi) without powering it off, so the infection cannot spread and volatile evidence survives
3. Collect Evidence
Gather evidence in order of volatility, most volatile first: RAM, running processes and network connections, then the disk, then logs held on other systems
4. Chain of Custody
Document evidence handling
5. Incident Timeline
Reconstruct event sequence
6. Eradication
Remove malware and threats
7. Recovery
Restore systems to normal operation
8. Lessons Learned
Review and submit final report
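As an added example that is not part of the lab, the following Python puts steps 3 and 4 into code: it orders a requested set of artifacts by volatility (the RFC 3227 ordering, most volatile first) and keeps an append-only chain-of-custody log in which every hand-off records the custodian, the action, the UTC time and the SHA-256 of the artifact, so any later change to the file shows up as a hash mismatch. The artifact files, the hostname MKT-WS-042 and the custodian names are constructed for the demo.

```python
import hashlib
import json
import tempfile
from datetime import datetime, timezone
from pathlib import Path

# Order of volatility, most volatile first (RFC 3227 ordering). The rank
# drives the collection sequence; the names are labels, not commands.
VOLATILITY_ORDER = [
    (1, "cpu registers and cache"),
    (2, "memory (RAM) image"),
    (3, "network connections and process list"),
    (4, "temporary file systems"),
    (5, "disk image"),
    (6, "remote logs (mail gateway, EDR, firewall)"),
    (7, "physical configuration and network topology"),
    (8, "archival media and backups"),
]


def collection_plan(requested):
    """Return the requested artifact names sorted most-volatile-first.
    An unknown name raises so nothing silently drops off the plan."""
    rank = {name: r for r, name in VOLATILITY_ORDER}
    unknown = [n for n in requested if n not in rank]
    if unknown:
        raise ValueError(f"unknown evidence type(s): {unknown}")
    return sorted(requested, key=lambda n: rank[n])


def sha256_file(path):
    """Stream the file so large disk or memory images need not fit in RAM."""
    digest = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(1 << 20), b""):
            digest.update(chunk)
    return digest.hexdigest()


class CustodyLog:
    """Append-only chain-of-custody record: who held the artifact, what they
    did with it, when (UTC) and what it hashed to at that moment."""

    def __init__(self):
        self.entries = []

    def record(self, artifact, custodian, action, note="", when=None):
        when = when or datetime.now(timezone.utc)
        entry = {
            "artifact": str(artifact),
            "custodian": custodian,
            "action": action,
            "note": note,
            "timestamp_utc": when.isoformat(timespec="seconds"),
            "sha256": sha256_file(artifact),
        }
        self.entries.append(entry)
        return entry

    def verify(self, artifact):
        """True if the artifact still hashes to the value recorded at collection."""
        first = next(e for e in self.entries if e["artifact"] == str(artifact))
        return sha256_file(artifact) == first["sha256"]

    def dump(self):
        return json.dumps(self.entries, indent=2)


def demo():
    # Constructed fixtures standing in for real artifacts from MKT-WS-042.
    work = Path(tempfile.mkdtemp(prefix="ir-custody-"))
    mem = work / "MKT-WS-042_memory.raw"   # stands in for a RAM capture
    note = work / "README_DECRYPT.txt"     # copy of the ransom note
    mem.write_bytes(b"\x90" * 4096)
    note.write_text("Pay 0.5 Bitcoin to recover your files.")

    log = CustodyLog()
    log.record(mem, "J. Doe (first responder)", "collected",
               "RAM captured with the host isolated but still powered on")
    log.record(note, "J. Doe (first responder)", "collected", "copied from Desktop")
    log.record(mem, "A. Lee (forensic analyst)", "received", "sealed bag #1")

    memory_intact = log.verify(mem)
    note.write_text("tampered")            # simulate an unlogged modification
    note_intact = log.verify(note)
    return {"memory_intact": memory_intact, "note_intact": note_intact,
            "entries": len(log.entries), "log": log.dump()}


if __name__ == "__main__":
    print(collection_plan(["disk image", "memory (RAM) image"]))
    print(demo()["log"])
```

Hash the artifact at the moment of collection and again at every hand-off; a mismatch anywhere in the chain means the evidence can no longer be trusted, which is exactly what the custody log exists to surface.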

Hint

Fill out all required fields in the incident report form. Be specific: the time the user reported the problem, when she received the suspicious email, the workstation's hostname or asset tag, and the indicators observed (.encrypted extensions, ransom note, constant high CPU load).

SCENARIO: Suspected Data Breach - Marketing Department Workstation

Incident Background

It's Monday morning at 9:15 AM. Sarah from Marketing reports that her computer is behaving strangely. She noticed:

  • Files on her desktop have strange extensions (.encrypted)
  • A ransom note appeared demanding Bitcoin payment
  • The computer is very slow and the fan is running constantly
  • She received a suspicious email Friday afternoon but isn't sure if she clicked anything

ALERT: This appears to be a ransomware infection!

As the first responder, you must document the incident, preserve evidence, and maintain chain of custody.
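To turn Sarah's report into something verifiable, here is an added triage script that is not part of the lab. It scans a directory for the two hard indicators above, files renamed with a `.encrypted` extension and a ransom note that mentions Bitcoin, and brackets when the encryption ran from the modification times of the renamed files. The Desktop contents, the note filename pattern and the Friday timestamps are constructed fixtures, not data from the scenario.

```python
import os
import re
import tempfile
from datetime import datetime, timezone
from pathlib import Path

ENCRYPTED_EXT = ".encrypted"
# Assumed note-naming and wording patterns; real families vary, so treat a
# miss here as "not found", not as "no ransomware".
NOTE_NAME_RE = re.compile(r"(readme|decrypt|restore|how_to).*\.(txt|html)$", re.I)
NOTE_BODY_RE = re.compile(r"\b(bitcoin|btc|ransom|decrypt)\b", re.I)


def _iso(ts):
    return datetime.fromtimestamp(ts, tz=timezone.utc).isoformat(timespec="seconds")


def triage_directory(root):
    """Count encrypted files, locate ransom notes and bracket the encryption window."""
    root = Path(root)
    encrypted, notes = [], []
    for path in root.rglob("*"):
        if not path.is_file():
            continue
        if path.suffix.lower() == ENCRYPTED_EXT:
            encrypted.append(path)
        elif NOTE_NAME_RE.search(path.name):
            try:
                body = path.read_text(errors="replace")[:4096]
            except OSError:
                continue
            if NOTE_BODY_RE.search(body):
                notes.append(path)
    mtimes = [p.stat().st_mtime for p in encrypted]
    return {
        "encrypted_count": len(encrypted),
        "note_paths": sorted(str(p.relative_to(root)) for p in notes),
        "first_encrypted_utc": _iso(min(mtimes)) if mtimes else None,
        "last_encrypted_utc": _iso(max(mtimes)) if mtimes else None,
        "likely_ransomware": bool(encrypted) and bool(notes),
    }


def build_sample_desktop():
    """Constructed fixture standing in for Sarah's Desktop. Modification times
    are set to a made-up Friday afternoon so the bracket is deterministic."""
    root = Path(tempfile.mkdtemp(prefix="ir-lab-"))
    base = datetime(2024, 3, 8, 17, 3, tzinfo=timezone.utc).timestamp()
    for i, name in enumerate(["Q2_plan.docx", "budget.xlsx", "logo.png"]):
        p = root / f"{name}{ENCRYPTED_EXT}"
        p.write_bytes(b"\x00" * 16)
        os.utime(p, (base + i * 60, base + i * 60))
    (root / "notes.txt").write_text("lunch ideas")          # untouched file
    (root / "README_DECRYPT.txt").write_text(
        "Your files are encrypted. Pay 0.5 Bitcoin to recover them.")
    return root


if __name__ == "__main__":
    print(triage_directory(build_sample_desktop()))
```

Run this against the suspect profile only after volatile evidence (RAM, process list, network connections) has been captured, since reading files can update access timestamps. Treat the modification-time bracket as a lead for the incident timeline rather than proof: the workstation clock may be wrong and ransomware can reset timestamps, so corroborate it against the mail gateway and endpoint logs for Friday afternoon.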

Task 1: Incident Report Form
