Need help to complete assignment.
Compromised passwords. You discovered that an attacker used rainbow tables to attack your domain’s password file in an offline attack. Assume that all of your user’s passwords are compromised.
Paragraph 1: IRT Team. What would the IRT team look like for this incident (who would be on the team to be able to effectively handle the event)? Justify your choices.
Paragraph 2: Approach. Address HOW you would respond. What logs or tools would you use to identify/analyze the incident? What would alert you to the incident? What tools would you use to contain/recover from the incident?
Paragraph 3: Metrics. Who would you measure your team’s response effectivenss? What measurements/metrics would you track?