Forensics Hardware

If an incident response team anticipates conducting forensics examinations, it should acquire a dedicated forensics platform. This computer does not need to be particularly powerful; in most cases, the limiting factor in conducting an investigation is I/O speed, not processor power. The computer should be set up to accommodate most likely configurations; specialized equipment can be added as needed.

Standard Corporate Desktop

Most of this section (and indeed, most of this chapter) assumes that the standard corporate desktop is an Intel or compatible clone, running some version of Microsoft Windows. UNIX investigations will be discussed further in Chapter 9, “Forensics II,” although most of the basic techniques in this chapter ...

Get Incident Response: A Strategic Guide to Handling System and Network Security Breaches now with the O’Reilly learning platform.
