7

Incident Response, Data Acquisitions, and DFIR Frameworks

Sometimes it is difficult to ascertain exactly what qualifies as evidence, especially at the very start of an investigation, when not all the facts about what occurred have yet been collected or stated. As in any investigation, we should know and follow the guidelines, practices, and procedures for acquiring evidence so that it is not tampered with or, in the worst case, lost.
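The tamper-evidence point above, as a small added example (not code from the book): the acquired copy is hashed at acquisition time, the hash goes into a custody record, and a later verification recomputes the hash and detects any change to the acquired item. The file names, the custody record layout and the examiner label are constructed for the demo.

```python
import hashlib
import json
import shutil
import tempfile
from datetime import datetime, timezone
from pathlib import Path


def sha256_of(path: Path) -> str:
    """Stream the file through SHA-256 so large images do not need to fit in memory."""
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(1 << 20), b""):
            h.update(chunk)
    return h.hexdigest()


def acquire(source: Path, dest_dir: Path, examiner: str) -> dict:
    """Copy source into dest_dir, confirm the copy matches, and write a custody record."""
    dest = dest_dir / source.name
    src_hash = sha256_of(source)
    shutil.copyfile(source, dest)
    dst_hash = sha256_of(dest)
    if src_hash != dst_hash:  # acquisition error: the copy is not what we read
        raise RuntimeError("acquired copy does not match source")
    record = {  # constructed custody record format for this demo
        "item": source.name,
        "acquired_at": datetime.now(timezone.utc).isoformat(),
        "examiner": examiner,
        "sha256": dst_hash,
        "size_bytes": dest.stat().st_size,
    }
    (dest_dir / (source.name + ".custody.json")).write_text(json.dumps(record, indent=2))
    return record


def verify(dest_dir: Path, item: str) -> bool:
    """Recompute the hash of an acquired item and compare it with the custody record."""
    record = json.loads((dest_dir / (item + ".custody.json")).read_text())
    return sha256_of(dest_dir / item) == record["sha256"]


def demo() -> tuple:
    """Constructed run: acquire a sample file, verify it, then alter one byte and re-verify."""
    work = Path(tempfile.mkdtemp())
    src = work / "disk.img"
    src.write_bytes(b"sample evidence bytes" * 1000)  # constructed sample input
    store = work / "evidence"
    store.mkdir()
    acquire(src, store, "examiner-01")
    intact = verify(store, "disk.img")
    with (store / "disk.img").open("r+b") as f:
        f.seek(0)
        f.write(b"X")  # simulate an untracked modification of the acquired copy
    return intact, verify(store, "disk.img")
```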

At the scene of a crime, let’s say a shooting, there are specific items that may immediately qualify as evidence. The physical evidence is easily collected, put into evidence bags, labeled, and then shipped off to the labs and secure storage areas for safekeeping. This evidence may include ...
