Incident Response: The NIST SP 800-61 Lifecycle

A blue team guide to the four phases of incident response