Professional Documents
Culture Documents
Introduction to Network
Forensics
17
Incident Response
• When networks belonging to businesses or other
organizations (schools, non-profits, governmental, and
so on) are subject to a malware infestation, as an
example.
18
Incident response
• An event is a change that has been detected in a
system.
• This could be something as simple as :
Detection &
Preparation
Analysis
Containment,
Post Incident
eradication
Activity
&Recovery
Incident response Process
• A forensic practitioner would obviously be necessary at the
detection and analysis phase, but they would typically be
involved in the preparation stage as well.
Question