Chapter 7. Knowing What to Look For

Not all computer security incidents culminate in a full forensic investigation conducted by, or in conjunction with, law enforcement. In fact, many investigations are non-litigious in nature, meaning that the investigator or her employer has no intention of contacting law enforcement and attempting to prosecute the case in a court of law. The goal of a non-litigious investigation is to determine what, if anything, happened. If a security incident (such as an intrusion or a malware infection) has occurred, the investigator should then determine how it occurred, so that the affected system can be recovered (if possible) and, more importantly, so that other systems can be protected. ...
