Documentation overview

The documentation associated with an incident takes several forms. The length of any documentation is often dictated by the type of incident. Simple incidents that take very little time to investigate and have a limited impact may be documented informally in an existing ticketing system. In more complex incident investigations, such as a data breach that has led to the disclosure of confidential information (such as medical records or credit card information), may require extensive written reports and supporting evidence.

Get Digital Forensics and Incident Response now with O’Reilly online learning.

O’Reilly members experience live online training, plus books, videos, and digital content from 200+ publishers.