
208 䡲 Cyber Forensics Field Manual, Second Edition
Table 7.4 (continued)
2. Ensure that each member of the team has a solid understanding of the company’s
policies and procedures.
3. Ensure that only the appropriate personnel are kept informed as the incident
progresses.
E. Determine whether the incident is actively occurring.
1. Decide what (if any) temporary defensive measures should be taken based on whether
the incident is actively occurring.
F. Establish the scope of the incident.
1. Once the incident is verifi ed, determine its scope. Determining the scope may include
asking the following questions:
Did the incident affect an isolated computer ...