Blast radius

Definition

The full set of systems, accounts, and data that an attacker has accessed or could access given their current level of compromise. Determining the blast radius is the primary goal of the scoping phase and the prerequisite for effective containment planning.

Related terms

Corroboration
The practice of confirming an observed attacker action by finding evidence of the same action in at least two independent data sources,...
Declaration threshold
The criteria defined in an organisation's IR plan that a suspected event must meet before it is formally declared a confirmed incident,...
Dwell time
The period between an attacker gaining initial access and their detection. Reducing dwell time is a primary goal of threat hunting. The...
Initial indicator of compromise (IoC)
The first observable artefact or event that triggers the investigation: a hash match, a suspicious process, an anomalous login, or an alert...
Lateral movement
Attacker activity after initial compromise in which the threat actor traverses from one internal system to another, typically to escalate privileges, access...

Explained in

  • Scoping and Confirming an Incident: The full set of systems, accounts, and data that an attacker has accessed or could access given their current level of compromise. Determining the blast radius...
