Difference between revisions of "Incident Response"

From ForensicsWiki
(Books: - Added link for Harlan Carvey)
Line 25: Line 25:
 
== Books ==
 
== Books ==
  
There are several books available that discuss incident response. For [[Windows]], ''[http://www.windows-ir.com/ Windows Forensics and Incident Recovery]'' by Harlan Carvey is an excellent introduction to possible scenarios and how to respond to them.
+
There are several books available that discuss incident response. For [[Windows]], ''[http://www.windows-ir.com/ Windows Forensics and Incident Recovery]'' by [[Harlan Carvey]] is an excellent introduction to possible scenarios and how to respond to them.
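Review bot: the new [[Harlan Carvey]] link on the added line only resolves if a page with exactly that title exists, and nothing in this revision shows that it does. Confirm the target title, or create the stub in the same edit, so the Books section does not gain a dead internal link.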

Revision as of 12:12, 27 February 2007


Incident Response is a set of procedures for an investigator to examine a computer security incident. This process involves figuring out what happened and preserving information related to those events. Because of the fluid nature of computer investigations, incident response is more of an art than a science.

Tools

Individual Tools

SysInternals

All in One Toolkits

Starting in 2000, FRED

IRCR

Bootdisks

The Helix disc contains both a bootable Linux partition and a number of Windows incident response tools.

Papers

Preservation of Fragile Digital Evidence by First Responders

Books

There are several books available that discuss incident response. For Windows, Windows Forensics and Incident Recovery by Harlan Carvey is an excellent introduction to possible scenarios and how to respond to them.