Hands-on Incident Response and Digital Forensics by Mike Sheward

The nature of many security incidents, and the digital forensics investigations that are associated with them, often places a first responder in a challenging position. There are frequently factors that force our hand and require the first responder to interact directly with a system containing potential evidence. This situation runs contrary to the fundamental forensic principle that actions taken by the digital forensics professional should not alter or affect the data stored on the suspect machine. It is impossible to use any sort of live capture tool without having some sort of impact on a machine. It is, however, possible to do so in such a way that the first responder is fully aware of the impacts of doing ...