Incident Response References

Tips for examining a suspect server to decide whether to escalate for formal incident response

Incident Questionnaire for Responders

Windows Intrusion Discovery

Linux Intrusion Discovery: 1, 2

Building Incident Response Plan

Incident Calcification mindmap

Incident Handling and Response - 147 Resources

What not to do when reporting an incident

Security Incident Rating

The big picture of security incident cycle

ENISA Practice Guide for Incident Management

ENISA, A step by step approach on how to setup a CSIRT

NIST 800-61, Incident Handling Guide

RFC 2350, Expectations for Computer Security Incident Response

Tools:

Clearinghouse for Incident Handling Tools

Orion Live CD:

Based on BackTrack4, with additional case tracking and collaboration tools, in addition to some network analysis tools that might be helpful for network forensics. More info here.

SANS Investigative Forensic Toolkit (SIFT) Workstation

Helix