When an incident or event has happened that may turn into a full-scale breach, it is best to ascertain (via a defined process or guide like 800-61) whether or not to engage in digital forensics.
However, beyond firing up forensic kits or tools like Sleuth / Autopsy, forensic activities may have adverse consequences, as operations may be affected.
Many orgs would rather be safe than sorry, so they engage in forensics to check whether there was a breach, though this may not be needed and may even be construed as impetuous.
Predicated on quick notification of the event due to proper security education, awareness, and training (SETA), initial, cursory actions may be all that is needed. At least, initially.