CHAPTER 28

Investigations

In this chapter, you will

•   Learn about the different sources of information used to support an investigation

•   Learn how to incorporate appropriate data sources to support an investigation

Investigations are used to determine what happened, who did what, and what elements of an information system have been affected by some specific event or series of events. The elements that need to be investigated for unauthorized activity and changes include both the data elements in the system and the system itself. There can be a wealth of diagnostic and investigatory data collected as part of an ongoing security operation or developed in response to an incident. This chapter looks at how to utilize these sources of data ...

Get CompTIA Security+ All-in-One Exam Guide, Sixth Edition (Exam SY0-601), 6th Edition now with the O’Reilly learning platform.
