Skip to content
Log in

Network isolation

Definition

Disconnecting a compromised host from all network interfaces while leaving it powered on. Preserves volatile memory contents but removes the attacker's communication path. The preferred containment method when forensic investigation must follow.

Related terms

Attacker-alerting risk
The risk that a containment action signals to the attacker that they have been detected, potentially triggering destructive countermeasures on systems they...
Short-term containment
Immediate actions taken after incident confirmation to stop an attack from spreading, without waiting for full scope analysis. Distinguished from long-term containment,...
Traffic blocking
Adding firewall rules, null routes, or DNS sinkholes to deny communication between attacker-controlled infrastructure and the victim network. Effective against external command-and-control...
VLAN segmentation
Moving a compromised device or subnet into a separate VLAN with restrictive access control lists, limiting lateral movement to other network segments...
Volatile evidence
Data that exists only while a system is running: active processes, logged-in sessions, network socket state, decryption keys in memory, and command...

Explained in

  • Short-Term Containment TechniquesDisconnecting a compromised host from all network interfaces while leaving it powered on. Preserves volatile memory contents but removes the attacker's communi...

Your journey to becoming a forensic professional starts here.

Practice with mock tests, learn from structured notes, and get your questions answered by a global forensic community, all in one place.

Continue learningCreate Your Account