Section 7

Incident Response Policies and Procedures

The Security Incident Response Team should always follow a structured, documented process in which the items under investigation are preserved, validated, and documented. The dimensions, scope, and investigative methods of any investigation must be understood at the outset, and those methods are best based upon proven techniques, such as proper and legal collection of evidence and obtaining proper bit-stream “hash encrypted” copies of evidence. Because an investigation is linear, every step needs documentation and supporting evidence, for technology can give unexpected results. So, always document everything and report everything.


IR policies

There are two areas in which the Security ...

Get Computer Incident Response and Forensics Team Management now with O’Reilly online learning.
