Detective controls

Detective controls are used to investigate an incident that has happened and needs to be investigated; these could include the following:

  • CCTV records events as they happen and from that you can see who has entered a particular room or has climbed through a window at the rear of a building.
  • Log files are text files that record events and the times that they occurred; they can log trends and patterns over a period of time. For example, servers, desktops, and firewalls are all events. Once you know the time and date of an event, you can gather information from various log files.

Get CompTIA Security+ Certification Guide now with O’Reilly online learning.

O’Reilly members experience live online training, plus books, videos, and digital content from 200+ publishers.