Investigation Self-Assessment

Comprehensive assessment for ransomware incidents covering initial triage through recovery. Includes ransomware-specific checkpoints for ransom note analysis, encryption scope mapping, backup integrity validation, and decryption feasibility evaluation alongside universal investigation checkpoints.

Assessment template for phishing incidents focused on identifying campaign scope, quarantining malicious messages, and auditing compromised mailboxes. Includes phishing-specific checkpoints for email quarantine, campaign analysis, and inbox rule auditing alongside universal investigation checkpoints.

Assessment template for data exfiltration incidents covering exfiltration channel identification, data inventory, and regulatory impact analysis. Includes exfiltration-specific checkpoints for blocking active channels and completing a comprehensive data inventory alongside universal investigation checkpoints.

Assessment template for insider threat investigations with emphasis on covert evidence collection and graduated access restriction. Includes insider-specific checkpoints for maintaining investigation secrecy while capturing evidence alongside universal investigation checkpoints.

Assessment template for web application compromises covering vulnerability exploitation, web shell detection, and application-layer remediation. Includes web-app-specific checkpoints for web shell hunting and vulnerability patching alongside universal investigation checkpoints.

Assessment template for cloud identity compromises focused on session revocation, OAuth application auditing, and cloud-native persistence mechanisms. Includes cloud-specific checkpoints for token revocation and OAuth consent review alongside universal investigation checkpoints.

Assessment template for business email compromise incidents covering email analysis, financial transaction freezing, and cloud session revocation. Includes BEC-specific checkpoints for impersonation technique analysis and urgent financial containment alongside universal investigation checkpoints.

Assessment template for credential theft incidents focused on identifying the dumping technique and executing comprehensive credential resets. Includes credential-specific checkpoints for technique identification and scope-appropriate reset procedures alongside universal investigation checkpoints.