APPENDIX A
Answers to Questions
This appendix provides detailed answers to the “Questions” sections in Chapters 2–17. The questions are related to the content in these chapters. Chapter 1 is an introductory chapter; it does not have any questions.
CHAPTER 2
1. What is the difference between incident response and computer forensics?
Incident response is a computer security term, and computer forensics is a legal term. Incident response is your organization’s reaction to any unauthorized, unlawful, or unacceptable activity that occurs on one of your networks or computer systems. Computer forensics is the unearthing of evidence from computer media to support a legal proceeding.
2. Which one of the following will a CSIRT not respond to?
Theft ...
Get Incident Response & Computer Forensics, 2nd Ed., 2nd Edition now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.
