Chapter 4. Intrusion Investigation
Eoghan Casey, Christopher Daywalt and Andy Johnston
Contents
Introduction135
Methodologies139
Preparation143
Case Management and Reporting157
Common Initial Observations170
Scope Assessment174
Collection175
Analyzing Digital Evidence179
Combination/Correlation191
Feeding Analysis Back into the Detection Phase202
Conclusion206
References206
Introduction
Intrusion investigation is a specialized subset of digital forensic investigation that is focused on determining the nature and full extent of unauthorized access and usage of one or more computer systems. We treat this subject with its own chapter due to the specialized nature of investigating this type of activity, and because of the high prevalence of computer ...
Get Handbook of Digital Forensics and Investigation now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.