Difference between revisions of "Incident Response"

From Forensics Wiki
Jump to: navigation, search
(Initial description)

Revision as of 11:00, 27 February 2007

Incident Response is a set of procedures for an investigator to examine a computer security incident. This process involves figuring out what was happened and preserving information related to those events. Because of the fluid nature of computer investigations, incident response is more of an art than a science.

Contents

Tools

Individual Tools

SysInternals

All in One Toolkits

Starting in 2000, FRED

Papers

Preservation of Fragile Digital Evidence by First Responders

Books

There are several books available that discuss incident response. For Windows, Windows Forensics and Incident Recovery by Harlan Carvey is an excellent introduction to possible scenarios and how to respond to them.