Chapter 12

Disaster Recovery and Incident Response

THE FOLLOWING COMPTIA SECURITY+ EXAM OBJECTIVES ARE COVERED IN THIS CHAPTER:

images 2.4 Given a scenario, implement basic forensic procedures.

  • Order of volatility
  • Capture system image
  • Network traffic and logs
  • Capture video
  • Record time offset
  • Take hashes
  • Screenshots
  • Witnesses
  • Track man hours and expense
  • Chain of custody
  • Big Data analysis

images 2.5 Summarize common incident response procedures.

  • Preparation
  • Incident identification
  • Escalation and notification
  • Mitigation steps
  • Lessons learned
  • Reporting
  • Recovery/reconstitution ...

Get CompTIA Security+ Study Guide: SY0-401, 6th Edition now with O’Reilly online learning.

O’Reilly members experience live online training, plus books, videos, and digital content from 200+ publishers.