Virtual Cyber & Technology Risk Management Forum

4. Digital Forensics

Best Practices
• Only quarantine the incident, preserve the evidence (i.e. don't shut the computer down!)
• Contact an expert forensics resource or have one on staff
• If not, at least create a forensic image or keep the hard drive for a period of time, for future investigations
• When contained and imaged, rebuild the system from scratch

© SBS CyberSecurity, LLC www.sbscyber.com
