Subject: Digital Forensics

Topic: Introduction

Difficulty: High

The primary goal of incident response is to effectively remove a threat from the organization’s computing environment, while minimizing damages and restoring normal operations as quickly as possible.

This goal is accomplished through two main activities:

• List item
• Investigate
• Determine the initial attack vector
• Determine malware and tools used
• Determine what systems were affected, and how
• Determine what the attacker accomplished (damage assessment)
• Determine if the incident is ongoing
• Establish the time frame of the incident
• Remediate
• Using the information obtained from the investigation, develop and implement a remediation plan