Difference between revisions of "Incident Response"

From ForensicsWiki
(Initial description)

Revision as of 16:00, 27 February 2007

Incident Response is a set of procedures for an investigator to examine a computer security incident. This process involves figuring out what happened and preserving information related to those events. Because of the fluid nature of computer investigations, incident response is more of an art than a science.


Individual Tools


All in One Toolkits

Starting in 2000, FRED


Preservation of Fragile Digital Evidence by First Responders


There are several books available that discuss incident response. For Windows, Windows Forensics and Incident Recovery by Harlan Carvey is an excellent introduction to possible scenarios and how to respond to them.