Analysis approaches

During incident handling, each case can be considered as a different scenario. Therefore, different approaches can take place during the first response, based on the circumstances of the individual case. There are two general approaches that can be used to deal with a security incident:

Live analysis: This is usually performed when the analyst has a live system in hand. Shutting the system down is one of the "don'ts" that the responder shouldn't do. Performing some primary analysis of the live system can provide valuable information that can guide the analyst in the future investigation. Also, in some situations, a quick analysis of the incident is highly required when there is no time to go through the normal steps of the analysis. ...

Get Practical Windows Forensics now with the O’Reilly learning platform.

O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.

Start your free trial

Practical Windows Forensics by Ayman Shaaban, Konstantin Sapronov

Analysis approaches

Don’t leave empty-handed

It’s yours, free.

Check it out now on O’Reilly