Wednesday, September 14, 2016

Incident Response vs Digital Forensics

When an incident or event has happened that may turn into a full-scale breach, it is best to ascertain (via a defined process or guide like 800-61) whether or not to engage in digital forensics.

However, forensic activities go beyond firing up forensic kits or tools like Sleuth / Autopsy, and they may have adverse consequences, as operations may be affected.

Many orgs want to be safe rather than sorry, so they engage in forensics to check if there was a breach, though this may not be needed and may even be construed as impetuous.

Predicated on a quick notification of the event due to proper security education, awareness, and training (SETA), initial, cursory actions may be all that is needed. At least, initially.
