Hands-on Incident Response and Digital Forensics by Mike Sheward

We’ve obviously covered a lot of things an incident responder should be doing before and during an incident, but it is just as important to cover the things that should be avoided. Even the savviest incident response teams have found themselves falling into a trap in the heat of the moment. Some traps are self-inflicted, whereas others are left by a smart attacker deliberately seeking to redirect an incident response team. As a core theme of this book, we’ve talked about the often-conflicting needs of incident response and digital forensics, which actually brings us to the most important mistake to avoid during an incident: significantly limiting or damaging your ability to perform a more detailed ...