Chapter 7. Collecting, Seizing, and Protecting Evidence
ORGANIZATIONS ARE BATTLING ATTACKERS with increasingly sophisticated skills. System forensics is crucial to determining how an attack succeeded and developing controls to prevent future strikes. However, companies often make mistakes that prevent successful forensic investigations. They may fail to incorporate security controls to prevent attacks. They may also fail to collect appropriate data to support a forensic examination. Businesses should have their environments forensically ready.
Collecting data as evidence is difficult in any situation. This is why forensic examiners document the process and maintain a chain of custody throughout their investigations. Collecting electronic evidence ...
Get System Forensics, Investigation, and Response now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.