Chapter 17

Introduction to Computer Forensics and Incident Response


17.01     Working with Evidence

17.02     Collecting Digital Evidence

17.03     Looking at Incident Response


All electronic devices we use daily, from our cars, to cell phones, to personal computers, leave digital footprints. Computer forensics refers to the documentation, acquisition, and preservation of this digital data for use as evidence. Care must be taken to ensure that the proper steps are taken to perform data acquisition legally and respond to security incidents. Periodic drills and exercises ensure that team members are familiar with response actions.

1.   What must be determined by the first responder to an incident?

A.   The ...

Get CompTIA Security+ Certification Practice Exams, Third Edition (Exam SY0-501), 3rd Edition now with O’Reilly online learning.

O’Reilly members experience live online training, plus books, videos, and digital content from 200+ publishers.