Chapter 4. Intrusion Investigation
Eoghan Casey, Christopher Daywalt and Andy Johnston
Case Management and Reporting157
Common Initial Observations170
Analyzing Digital Evidence179
Feeding Analysis Back into the Detection Phase202
Intrusion investigation is a specialized subset of digital forensic investigation that is focused on determining the nature and full extent of unauthorized access and usage of one or more computer systems. We treat this subject with its own chapter due to the specialized nature of investigating this type of activity, and because of the high prevalence of computer ...