Definitions

Once again, in order to ensure that we are all on the same sheet of music here, it's important that certain terms be defined. As stated in Chapter 1, Introduction, a computer security incident (or simply incident) is “any event that is in violation of implicit or explicit policies.” What this means is that any action that should not happen, whether that action has been explicitly documented or not, could be considered an incident. This can include, but is not limited to, such actions as privilege escalation, attempting to gain unauthorized access to systems, scanning of network infrastructure resources (e.g., servers, switches, routers), loading network sniffers or keylogging software on systems, and denial of service (DoS) ...
