Short-term containment

Definition

Immediate actions taken after incident confirmation to stop an attack from spreading, without waiting for full scope analysis. Distinguished from long-term containment, which stabilises the environment for sustained investigation.

Related terms

Attacker-alerting risk
The risk that a containment action signals to the attacker that they have been detected, potentially triggering destructive countermeasures on systems they...
Network isolation
Disconnecting a compromised host from all network interfaces while leaving it powered on. Preserves volatile memory contents but removes the attacker's communication...
Traffic blocking
Adding firewall rules, null routes, or DNS sinkholes to deny communication between attacker-controlled infrastructure and the victim network. Effective against external command-and-control...
VLAN segmentation
Moving a compromised device or subnet into a separate VLAN with restrictive access control lists, limiting lateral movement to other network segments...
Volatile evidence
Data that exists only while a system is running: active processes, logged-in sessions, network socket state, decryption keys in memory, and command...

Explained in

  • Short-Term Containment Techniques: Immediate actions taken after incident confirmation to stop an attack from spreading, without waiting for full scope analysis. Distinguished from long-term con...
