Chapter 4. Intrusion Investigation
Eoghan Casey, Christopher Daywalt and Andy Johnston

Contents

Introduction
Methodologies
Preparation
Case Management and Reporting
Common Initial Observations
Scope Assessment
Collection
Analyzing Digital Evidence
Combination/Correlation
Feeding Analysis Back into the Detection Phase
Conclusion
References

Introduction

Intrusion investigation is a specialized subset of digital forensic investigation that is focused on determining the nature and full extent of unauthorized access and usage of one or more computer systems. We treat this subject with its own chapter due to the specialized nature of investigating this type of activity, and because of the high prevalence of computer ...

Get Handbook of Digital Forensics and Investigation now with the O’Reilly learning platform.