CHAPTER 9

Preparing the Incident Response Toolkit

This chapter includes questions on the following topics:

• How digital forensics is related to incident response
• Basic techniques for conducting forensic analysis
• Familiarity with a variety of forensic utilities
• How to assemble a forensic toolkit

When a cybersecurity analyst conducts an incident response, the analyst cannot possibly anticipate whether or not the outcome might lead to legal action or prosecution. As a result, every incident being responded to must be handled as a forensic investigation. A forensic investigation follows specific phases, requiring the analyst to take careful notes and to handle all evidence with complete accountability. To carry this out, the analyst ...
