Training Camp • Cybersecurity Glossary
Eradication Phase Definition: The eradication phase of incident response removes malware, attacker artifacts, and root causes from compromised systems before recovery begins.
The eradication phase is the step in the incident response lifecycle where the root cause of an incident is removed and affected systems are cleansed of malware, malicious accounts, and other attacker artifacts. It follows containment and precedes recovery, and may involve rebuilding systems, patching exploited vulnerabilities, and rotating compromised credentials. In the NIST incident response model, eradication and recovery are combined within the broader post-detection handling process.