Chapter 3
1. What are two general ways in which computers are involved in security violations?
Answer: A computer can be used in the commission of crimes or in violation of policy. It can also be the target for an attack.
2. What is computer evidence?
Answer: Any computer hardware, software, or data that can be used to prove one or more of the five Ws and the H for a security incident—namely, who, what, when, where, why, and how.
3. What is an incident response team?
Answer: The incident response team (IRT) carries out internal investigations. IRT members are generally specially trained to identify and collect evidence to document and categorize incidents. In addition, team members must also be cognizant when incidents are crimes and require ...
Get Computer Forensics JumpStart, Second Edition now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.
