Chapter 6. Incident Investigation and Forensics

When a serious incident occurs, you need to know what to do. Every organization will eventually experience a serious incident, and it could take many forms. For example, it might be any of the following:

• Sensitive financial information about your company or employees is stolen and posted to a hacker blog.

• An e-mail worm attacks your e-mail system, resulting in degraded network performance.

• An employee is inadvertently sharing all his Word documents on Limewire, Kazaa, or some other peer-to-peer (P2P) file-sharing network.

• You are notified by a motion picture association that someone on your network is downloading and distributing copyrighted material.

• Your e-commerce website falls victim ...
