Next Steps for Incident Responders

A.

The first step in incident response is to always gather information about the incident. In this case, the incident responder has received a call from a user reporting a computer exhibiting symptoms consistent with a malware infection.

Therefore, the next step the incident responder should perform is option A: Capture and document necessary information to assist in the response. This includes gathering information about the user, such as their name and contact information, as well as information about the computer, such as its operating system and any recent changes or updates. Additionally, the incident responder should ask the user to provide a description of the symptoms they are experiencing, such as any error messages or unusual behavior.

This information will be helpful in identifying the type of malware infection and determining the appropriate response. For example, if the malware is identified as ransomware, the response may involve isolating the infected system, disabling network access, and contacting law enforcement.

Option B: Request the user capture and provide a screenshot or recording of the symptoms can be helpful in providing additional information about the malware infection. However, this step should be taken after the incident responder has gathered basic information about the incident.

Option C: Use a remote desktop client to collect and analyze the malware in real time is not a recommended step for an incident responder to take as it may inadvertently spread the malware to other systems on the network.

Option D: Ask the user to back up files for later recovery is also not a recommended step for an incident responder to take as it may result in further spreading the malware to backup devices. It is important to focus on isolating the infected system and preventing the malware from spreading to other systems on the network.