Difference between revisions of "Incident Response"
From Forensics Wiki
(Initial description) |
| Line 1: | Line 1: | ||
| + | {{Expand}} | ||
| + | |||
Incident Response is a set of procedures for an investigator to examine a computer security incident. This process involves figuring out what was happened and preserving information related to those events. Because of the fluid nature of computer investigations, incident response is more of an art than a science. | Incident Response is a set of procedures for an investigator to examine a computer security incident. This process involves figuring out what was happened and preserving information related to those events. Because of the fluid nature of computer investigations, incident response is more of an art than a science. | ||
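Review bot: the lead sentence kept as context directly under the new {{Expand}} tag still reads "what was happened". Since this revision edits the top of the article, correct it to "what happened" in the same change.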
| Line 10: | Line 12: | ||
Starting in 2000, [[First Responder's Evidence Disk|FRED]] | Starting in 2000, [[First Responder's Evidence Disk|FRED]] | ||
| + | |||
| + | [[IRCR]] | ||
| + | |||
| + | === Bootdisks === | ||
| + | |||
| + | [[HELIX]] | ||
== Papers == | == Papers == | ||
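Review bot: [[IRCR]] and [[HELIX]] are added as bare links with no description, and the context line above them, "Starting in 2000, [[First Responder's Evidence Disk|FRED]]", is still a sentence fragment. Add a one-line summary of what each entry is for, and complete or trim the FRED line, so the section reads as more than a list of links.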
Revision as of 11:32, 27 February 2007
Please help to improve this article by expanding it.
Incident Response is a set of procedures for an investigator to examine a computer security incident. This process involves figuring out what happened and preserving information related to those events. Because of the fluid nature of computer investigations, incident response is more of an art than a science.
Tools
Individual Tools
All in One Toolkits
Starting in 2000, FRED
Bootdisks
Papers
Preservation of Fragile Digital Evidence by First Responders
Books
There are several books available that discuss incident response. For Windows, Windows Forensics and Incident Recovery by Harlan Carvey is an excellent introduction to possible scenarios and how to respond to them.