Cisco is pleased to announce a new addition to the Forensic Investigation Procedures for First Responders series of documents, which help customers and partners triage Cisco products that are suspected of being tampered with or compromised. These guides provide step-by-step instructions that first responders can use to assess platform integrity and collect information for forensic analysis; the new addition covers Cisco Nexus platforms running Cisco NX-OS Software.

This new document is available on the Cisco.com Security Portal under Tactical Resources, Responding to a Security Incident.

The following is the title of the newly released document, along with a brief description.

Cisco NX-OS Software Forensic Investigation Procedures for First Responders

This document provides steps for collecting forensic information from the Cisco Nexus series of switching appliances running Cisco NX-OS Software when compromise or tampering is suspected.

This document contains procedures for collecting platform configuration and runtime state, verifying the integrity and the digital signing characteristics of Cisco NX-OS Software, gathering core files from critical system processes, and collecting non-volatile system information and artifacts. It also includes procedures that help incident responders assess the virtual technologies supported by Cisco NX-OS Software, with instructions for examining guest shell configuration, retrieving Docker configuration settings, and enumerating deployed Docker containers.




Dan Maunz

Incident Manager

Applied Security Intelligence