written 6.8 years ago by | modified 6.7 years ago by |
Subject: Digital Forensics
Topic: Introduction
Difficulty: High
written 6.7 years ago by | modified 6.7 years ago by |
The primary goal of incident response is to effectively remove a threat from the organization’s computing environment, while minimizing damages and restoring normal operations as quickly as possible.
This goal is accomplished through two main activities:
• Investigate
    • Determine the initial attack vector
    • Determine malware and tools used
    • Determine what systems were affected, and how
    • Determine what the attacker accomplished (damage assessment)
    • Determine if the incident is ongoing
    • Establish the time frame of the incident
• Remediate
    • Using the information obtained from the investigation, develop and implement a remediation plan