O'Reilly logo

Windows Forensics and Incident Recovery by Harlan Carvey

Stay ahead with the world's most comprehensive technology and business learning platform.

With Safari, you learn the way you learn best. Get unlimited access to videos, live online training, learning paths, books, tutorials, and more.

Start Free Trial

No credit card required

Investigation Overview

The goal of any computer security incident investigation should be to determine whether an incident occurred, and if so, how it was able to occur. Once the investigator has determined that an incident has occurred, the root cause of the incident must be determined. This way, not only can the victim system be patched and appropriately reconfigured, but other systems can also be protected.

How the investigation is conducted is entirely up to the organization. In some cases, the “investigative staff” of the organization may consist of a single administrator or a small group of administrators tasked with providing security expertise in addition to their day-to-day system administration function. Regardless of the size, each ...

With Safari, you learn the way you learn best. Get unlimited access to videos, live online training, learning paths, books, interactive tutorials, and more.

Start Free Trial

No credit card required