Summary

This chapter explained the fundamentals of the incident-response process. I discussed the importance of planning, with a focus on gathering information about the target of your incident response and on packing for the task at hand, thus ensuring you have the staff and equipment resources you need on-site.

Next, I discussed how to handle evidence at the scene, highlighting the importance of securing and then processing the scene. I explored the pros and cons of employing immediate shutdown vs. first capturing the volatile system-state data. I also covered the various shutdown methods based on the type of operating system in place and the function of the computer system. Finally, I discussed how to bag and tag computer evidence as a means ...
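The chapter's point about capturing volatile state before any shutdown is easiest to see as a concrete collection script. The following POSIX shell script is an added example, not code from the book or from the EnCase product: it walks the collection in order of volatility (system time and uptime, then logged-in users, process table and open sockets, then routing and ARP caches, then mounts and kernel identity), runs the first available tool for each step, and writes every result to a collection directory together with a manifest line carrying a timestamp, the exact command, its exit status and a SHA-256 of the output file. Tool names such as `ss`, `ip` and `netstat` are the usual Linux/Unix binaries; which ones exist on a given host is not known in advance, so a missing tool is recorded as skipped rather than aborting the run. The `TRUSTED_BIN` directory is a hypothetical path to the responder's own statically linked binaries on removable media; it is prepended to `PATH` so the suspect system's possibly trojaned tools are not trusted. Physical memory acquisition needs a dedicated imager and is deliberately left out.

```shell
#!/bin/sh
# Added example: collect volatile system state before shutdown, most volatile first.
# Assumes POSIX sh plus whichever of the listed tools exist; missing tools are logged as SKIPPED.
# TRUSTED_BIN is a hypothetical directory of responder-supplied binaries (assumption, not from the book).
PATH="${TRUSTED_BIN:-/mnt/ir/bin}:$PATH"
export PATH

# Portable SHA-256 of a file; falls back to a marker if no hashing tool is present.
hash_file() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | cut -d' ' -f1
    elif command -v shasum >/dev/null 2>&1; then
        shasum -a 256 "$1" | cut -d' ' -f1
    else
        echo "no-hash-tool"
    fi
}

utc_now() {
    date -u +%Y-%m-%dT%H:%M:%SZ
}

# run_step OUTDIR MANIFEST NAME CMD [ALTERNATIVE_CMD ...]
# Runs the first command whose executable exists, saves stdout+stderr to OUTDIR/NAME.txt,
# and appends: timestamp, step name, command, exit status, sha256 to the manifest.
run_step() {
    out=$1; manifest=$2; name=$3; shift 3
    for cmd in "$@"; do
        tool=${cmd%% *}
        if command -v "$tool" >/dev/null 2>&1; then
            file="$out/$name.txt"
            status=0
            # $cmd is intentionally unquoted so "ss -tupan" splits into program and arguments.
            $cmd >"$file" 2>&1 || status=$?
            printf '%s\t%s\t%s\texit=%s\t%s\n' \
                "$(utc_now)" "$name" "$cmd" "$status" "$(hash_file "$file")" >>"$manifest"
            return 0
        fi
    done
    printf '%s\t%s\tSKIPPED\tno tool available: %s\n' "$(utc_now)" "$name" "$*" >>"$manifest"
    return 0
}

# collect_volatile OUTDIR: the collection itself, ordered from most to least volatile.
collect_volatile() {
    out=$1
    mkdir -p "$out" || return 1
    manifest="$out/manifest.txt"
    : >"$manifest"
    printf '# volatile collection started %s on %s\n' "$(utc_now)" "$(hostname 2>/dev/null || echo unknown-host)" >>"$manifest"
    run_step "$out" "$manifest" 01-date      "date -u"
    run_step "$out" "$manifest" 02-uptime    "uptime"
    run_step "$out" "$manifest" 03-users     "who" "w"
    run_step "$out" "$manifest" 04-processes "ps -ef" "ps aux"
    run_step "$out" "$manifest" 05-sockets   "ss -tupan" "netstat -an"
    run_step "$out" "$manifest" 06-routes    "ip route show" "netstat -rn"
    run_step "$out" "$manifest" 07-arp       "ip neigh show" "arp -an"
    run_step "$out" "$manifest" 08-mounts    "mount"
    run_step "$out" "$manifest" 09-kernel    "uname -a"
    # Seal the manifest itself so later tampering with the collection is detectable.
    printf '# manifest sha256 (excluding this line): %s\n' "$(hash_file "$manifest")" >>"$manifest"
    return 0
}

# Usage: sh collect.sh /mnt/evidence/host01   (output directory should be on responder-controlled media)
if [ "$#" -ge 1 ]; then
    collect_volatile "$1"
fi
```

Two caveats a responder should keep in mind when using something like this: every command run on the live host changes its state (new process entries, updated file access times, memory pages paged in), so the run itself must be documented as part of the evidence handling, and the output directory must never be on the suspect system's own disk, since writing there overwrites unallocated space that a later dead-box examination may need.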
