Windows Forensics and Incident Recovery by Harlan Carvey

Chapter 6. Developing a Methodology

Now that we've covered the various tools to use in response to an incident, we need to look at how we can go about using these tools as part of a methodology. By developing and employing a methodology, we can be sure that we collect all of the data we need the first time around. After all, as discussed in Chapter 5, Incident Response Tools, there is a great deal of information available on a live system that will disappear when the system is powered down, and some of that information, such as network connections shown by netstat.exe, will change over time.

This chapter will reinforce the importance of developing and having an incident response methodology or process. Based on personal experience as a consultant, ...
