
Performing a Cyber Forensic Investigation: Flowchart for the Seizure 䡲 203
H. Determine whether to sanitize and restore the affected systems or to investigate the
source of the attack and person(s) responsible.
1. Conduct an investigation. Typical investigation activities include the need to:
Examine data
Gather information from those involved with the incident
Look for the perpetrator
䡲
䡲
䡲
2. Carefully obtain and manage information obtained in an investigation. Any information
that is gathered could conceivably become evidence in a court or administrative
hearing.
3. The protection of personnel and assets takes priority in most cases. However, note ...