Mapping Investigative Workflows

13

Introduction

Forensic investigations can be triggered by several types of events generated by a variety of security controls. Whether an event originates from human vigilance, a rule match in an intrusion prevention system (IPS), or a file integrity monitoring (FIM) alert on modified data, the organization must demonstrate an acceptable level of due diligence by ensuring that each event is reviewed as it is generated.

While reviewing events, security analysts need to quickly assess the level of risk to the organization and decide whether a full forensic investigation needs to be initiated. The criteria for deciding when an event becomes an investigation should not be simply left to the judgment of ...
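As an added illustration of the point above (not code from the book), the following script shows what it looks like to write the event-to-investigation criteria down rather than leave them to individual judgment. It normalises events from an IPS, a FIM tool and a human report into one record, scores each against a documented set of criteria, and keeps a triage record for every event so the organisation can show each one was reviewed. The weights, threshold, asset names and sample events are all constructed assumptions for the example.

```python
"""Triage of security events against documented escalation criteria.

Added example: every event, whatever its source, is scored against written
criteria and the decision is recorded, so the decision is repeatable and the
review of each event is evidenced.
"""
from dataclasses import dataclass
from typing import Dict, List

# Assumed, illustrative criteria (constructed for this example, not the book's).
SOURCE_WEIGHT: Dict[str, int] = {"ips": 2, "fim": 3, "human": 2}
SEVERITY_WEIGHT: Dict[str, int] = {"low": 1, "medium": 2, "high": 4, "critical": 6}
# Assets the organisation has classified as sensitive (constructed list).
SENSITIVE_ASSETS = {"db-prod-01", "dc-01", "payroll-fs"}
SENSITIVE_BONUS = 4
INVESTIGATE_THRESHOLD = 8  # score at or above this opens a full investigation


@dataclass
class Event:
    event_id: str
    source: str    # "ips", "fim" or "human"
    severity: str  # "low", "medium", "high" or "critical"
    asset: str
    detail: str


@dataclass
class TriageRecord:
    event_id: str
    score: int
    reasons: List[str]
    decision: str  # "investigate" or "close"


def score_event(ev: Event) -> TriageRecord:
    """Apply the documented criteria and record why the score came out as it did."""
    reasons: List[str] = []
    score = SOURCE_WEIGHT.get(ev.source, 1)
    reasons.append(f"source={ev.source} (+{score})")
    sev = SEVERITY_WEIGHT.get(ev.severity, 1)
    score += sev
    reasons.append(f"severity={ev.severity} (+{sev})")
    if ev.asset in SENSITIVE_ASSETS:
        score += SENSITIVE_BONUS
        reasons.append(f"sensitive asset {ev.asset} (+{SENSITIVE_BONUS})")
    decision = "investigate" if score >= INVESTIGATE_THRESHOLD else "close"
    return TriageRecord(ev.event_id, score, reasons, decision)


def triage(events: List[Event]) -> List[TriageRecord]:
    """Review every event; nothing is skipped, so each one has a record."""
    return [score_event(ev) for ev in events]


def fully_reviewed(events: List[Event], records: List[TriageRecord]) -> bool:
    """Due-diligence check: every generated event has exactly one triage record."""
    return sorted(ev.event_id for ev in events) == sorted(r.event_id for r in records)


# Constructed sample events from three different controls.
SAMPLE_EVENTS = [
    Event("E1", "ips", "medium", "web-01", "signature match on inbound request"),
    Event("E2", "fim", "high", "dc-01", "unexpected change to a system binary"),
    Event("E3", "human", "low", "laptop-17", "user reports an unfamiliar pop-up"),
    Event("E4", "fim", "medium", "payroll-fs", "new executable in share root"),
]

if __name__ == "__main__":
    records = triage(SAMPLE_EVENTS)
    for rec in records:
        print(f"{rec.event_id}: score={rec.score} -> {rec.decision}  [{'; '.join(rec.reasons)}]")
    print("all events reviewed:", fully_reviewed(SAMPLE_EVENTS, records))
```

The threshold and weights are the part an organisation would agree in advance and keep under change control; the `reasons` list on each record is what lets a later reviewer see why an event was or was not escalated.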

Get Implementing Digital Forensic Readiness, 2nd Edition now with the O’Reilly learning platform.
