Incident Response References

Tips for examining a suspect server to decide whether to escalate for formal incident response:
http://www.zeltser.com/network-os-security/security-incident-survey-cheat-sheet.doc

Incident Questionnaire for Responders:
http://www.zeltser.com/network-os-security/security-incident-questionnaire-cheat-sheet.doc

Windows Intrusion Discovery:
http://sans.org/resources/winsacheatsheet.pdf http://www.ucl.ac.uk/cert/win_intrusion.pdf

Linux Intrusion Discovery:
http://sans.org/resources/linsacheatsheet.pdf
http://www.ucl.ac.uk/cert/nix_intrusion.pdf

Building Incident Response Plan:

http://zeltser.com/presentations/unexpected-incident-response.pdf

Incident Calcification mindmap

Incident Handling and Response - 147 Resources

Orion Live CD:

Based on BackTrack4, with additional case tracking and collaboration tools, in addition to some network analysis tools that might be helpful for network forensics. More info here.

SANS Investigative Forensic Toolkit (SIFT) Workstation

Helix