O'Reilly logo
  • Patrick Loner thinks this is interesting:

Another major difference between incident response and computer forensics, in my experience, is how the project ends. In an IR case, if you are dealing with an outside attacker breaching the security of your system, the attacker is quite often a) outside of your country’s legal jurisdiction, b) lacking in assets that could be used to pay back the cost of the breach, or c) not worth the time for law enforcement to pursue. These factors lead to most IR projects ending with the identification of the breach, the impact to any data stored within the system, and either the system being secured or reinstalled, with the possibility that those individuals a...