Chapter 7. Collecting, Seizing, and Protecting Evidence

ORGANIZATIONS ARE BATTLING ATTACKERS with increasingly sophisticated skills. System forensics is crucial to determining how an attack succeeded and developing controls to prevent future strikes. However, companies often make mistakes that prevent successful forensic investigations. They may fail to incorporate security controls to prevent attacks. They may also fail to collect appropriate data to support a forensic examination. Businesses should have their environments forensically ready.

Collecting data as evidence is difficult in any situation. This is why forensic examiners document the process and maintain a chain of custody throughout their investigations. Collecting electronic evidence ...

Get System Forensics, Investigation, and Response now with O’Reilly online learning.

O’Reilly members experience live online training, plus books, videos, and digital content from 200+ publishers.