Discovering the Scope of the Incident
In this chapter we’re bridging incident detection and characterization with data collection and analysis—two major parts of the book. We will present real-world scenarios and walk you through reviewing the initial data, developing leads, collecting preliminary evidence, performing a high-level review, and then determining the appropriate data collection and preservation activities. To discover the scope of an incident, you are essentially performing a limited investigation.
To help make it clear ...

Get Incident Response & Computer Forensics, Third Edition, 3rd Edition now with O’Reilly online learning.

O’Reilly members experience live online training, plus books, videos, and digital content from 200+ publishers.