Subject: Digital Forensics

Topic: Introduction

Difficulty: Medium

Incident response is a coordinated and structured approach to go from incident detection to resolution. Incident response may include activities that:

• Confirm whether or not an incident occurred

• Provide rapid detection and containment

• Determine and document the scope of the incident

• Prevent a disjointed, non-cohesive response

• Determine and promote facts and actual information

• Minimize disruption to business and network operations

• Minimize the damage to the compromised organization

• Restore normal operations

• Manage the public perception of the incident

• Allow for criminal or civil actions against perpetrators

• Educate senior management

• Enhance the security posture of a compromised entity against future incidents

The activities and team members that are a part of the incident response will vary based on the goals of the incident response.

Incident response is a process, not an isolated event. In order for incident response to be successful, teams should take a coordinated and organized approach to any incident.