Reimaging
Reimaging is a method of restoring a system after a breach or infection using a known clean backup or disk image created before the incident.
- A “clean” backup or image:
  - has appropriate secure baseline configurations
  - is fully patched
  - does not contain malware
- Backups may contain malware, backdoors, or other artifacts that would allow the attacker to regain access quickly.
- Systems should be reimaged rather than trusting antimalware tools to effectively wipe the infection.