Incidents have several characteristics. Understanding these characteristics can greatly assist a system administrator in planning the security of a server or entire infrastructure, just as that understanding can help an investigator discover the root cause of an incident. The order in which these characteristics are presented is not important. What is important is that the various characteristics are understood and considered during the initial design phases of new systems and infrastructures, as well as during an investigation. The characteristics will be presented as a whole and then discussed at length.

Incidents can be local or remote, manual or automatic. The characteristics of incidents will not only predicate how you prepare ...

Get Windows Forensics and Incident Recovery now with the O’Reilly learning platform.

O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.