Conducting Security Investigations
Another challenging aspect of incident response is conducting the investigation. Although other stages of incident response have their own issues, the process used in the investigation can expand or inhibit the capabilities of the response team. Unskilled investigators often damage critical evidence that could lead to discovery of the attacker, or they otherwise hinder the team. Similarly, approaches that could yield additional information might be overlooked. For these reasons, the team should practice their response techniques before they are needed so that these techniques are already fine-tuned when an actual incident occurs.
Involving Law Enforcement
Many times, incident response involves making the least ...
Get Microsoft® Windows® Security Resource Kit, Second Edition now with the O’Reilly learning platform.