
Performing a Cyber Forensic Investigation: Flowchart for the Seizure 䡲 213
Table 7.5 (continued)
C. Notify the antivirus team.
1. If the organization currently has an antivirus team in place, report any virus
activity to the antivirus team and the IRT.
D. Verify the incident.
1. Upon learning of a possible security incident, take steps to verify that the incident
actually does exist.
2. If the source of the incident information is unfamiliar or not trusted, verify the
source, especially if the source has identified him or herself as a representative
of a legal or investigative agency.
3. Verify the incident, fi rsthand if possible, to ensure that ...