Had you been exposed to a massive dose of gamma radiation you might turn green and ripped with muscles bursting out of your clothes and set off destroying everything in your path until you find the perpetrators and make them pay. Since your average person can’t turn into The Incredible Hulk, we have to settle for getting angry and saying “help! I think I’ve been hacked!!”
Various emotions may overtake you but it is important to act quickly and decisively to stop any ongoing intrusions, determine the extent of the damage caused and secure and protect your system for the future.
Unfortunately, if you did not prepare in advance for such an incident you probably are finding out much later than you should have and you have next to nothing to go on in trying to determine what occurred- how did the intruder get in? When did they intruder get in? What changes have been made to the system?
When you first realize you may have been hacked you need to decide your course of action. Your initial reaction may be to disconnect your computer from the Internet or shut it down entirely to break the connection with the hacker. Depending on the situation this may be the way to go. However, you may find many more clues and gather more evidence by performing certain actions while the system is still live.
If the system in question contains sensitive or classified material that you feel might be in jeopardy or if you believe your computer might be infected with a virus or worm that is actively propagating (sending itself out) from your computer you probably need to go ahead and disconnect from the Internet at the very least.
There are six essential phases that make up incident response: