Preparing the Incident Response Toolkit
This chapter includes questions on the following topics:
• How digital forensics is related to incident response
• Basic techniques for conducting forensic analysis
• Familiarity with a variety of forensic utilities
• How to assemble a forensic toolkit
When a cybersecurity analyst responds to an incident, the analyst cannot know in advance whether the outcome might lead to legal action or prosecution. As a result, every incident must be handled as a forensic investigation. A forensic investigation follows specific phases, requiring the analyst to take careful notes and to handle all evidence with complete accountability. To carry this out, the analyst ...