Incident Evidence
There are many types of computer-based and network-based incidents that produce documentable evidence that will be available for investigation. One of the major requirements for handling incident evidence is known as the chain of custody. Evidence handling has four primary areas in any incident response activity.
Keywords
Data collection; evidence; chain of custody; image copy
Attacks on information systems and networks have become more numerous, sophisticated, and severe over the past few years. While preventing such attacks would be the ideal course of action for any organization or agency, not all information system security incidents can be prevented. Security incident response team (SIRT) managers are often held responsible ...
Get Computer Incident Response and Forensics Team Management now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.