O'Reilly logo

TICSA TruSecure™ ICSA Certified Security Associate Exam TU0-001 by Shawn Porter, Debra Littlejohn Shinder, Mike Chapple

Stay ahead with the world's most comprehensive technology and business learning platform.

With Safari, you learn the way you learn best. Get unlimited access to videos, live online training, learning paths, books, tutorials, and more.

Start Free Trial

No credit card required

Computer Data Forensics

When an incident takes place, the CIRT must decide whether they plan to pursue legal action against the offender. If it does, certain steps must be taken to ensure the forensic evidence gathered will be admissible in court. Before the decision is made, they should progress with the assumption that action will be taken.

The Investigative Process

Incident investigators should attempt to answer the same questions that journalists investigating a story pursue:

  • Who is responsible for the incident? An insider or an outsider?

  • What type of incident took place? Was it a Web site defacement? Denial-of-service attack?

  • When did the incident take place?

  • Why did the incident take place? What was the motivation of the hacker?

  • Where did the ...

With Safari, you learn the way you learn best. Get unlimited access to videos, live online training, learning paths, books, interactive tutorials, and more.

Start Free Trial

No credit card required