Computer Data Forensics

When an incident takes place, the CIRT must decide whether it plans to pursue legal action against the offender. If it does, certain steps must be taken to ensure that the forensic evidence gathered will be admissible in court. Until that decision is made, the team should proceed on the assumption that legal action will be taken.

The Investigative Process

Incident investigators should attempt to answer the same questions that journalists pursue when investigating a story:

  • Who is responsible for the incident? An insider or an outsider?

  • What type of incident took place? Was it a Web site defacement? Denial-of-service attack?

  • When did the incident take place?

  • Why did the incident take place? What was the motivation of the hacker?

  • Where did the ...
