Investigation Overview
The goal of any computer security incident investigation should be to determine whether an incident occurred, and if so, how it was able to occur. Once the investigator has determined that an incident has occurred, the root cause of the incident must be determined. This way, not only can the victim system be patched and appropriately reconfigured, but other systems can also be protected.
How the investigation is conducted is entirely up to the organization. In some cases, the “investigative staff” of the organization may consist of a single administrator or a small group of administrators tasked with providing security expertise in addition to their day-to-day system administration function. Regardless of the size, each ...
Get Windows Forensics and Incident Recovery now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.