EC-Council: Computer Hacking Forensic Investigator (CHFI-V10)
Module 2: Computer Forensics Investigation Process
         

First Response




The term “first responder” refers to the person who arrives at the crime scene first to assess it and alert management and the incident response teams. The first responder is responsible for protecting and securing the crime scene. First response to a security incident can be carried out by one to three different groups of individuals, who hold different skill sets and may perform different tasks depending on the type and severity of the incident:

1. First response by non-forensics staff

2. First response by system/network administrators

3. First response by laboratory forensic staff


First Response by Non-forensics Staff

Non-forensics staff are responsible for protecting the crime scene and ensuring that it remains in a secure state until the forensics team advises otherwise. They should make notes and take photographs of the scene and those present to hand over to the attending forensics team. The surrounding area linked to the incident should also be secured along with the computing systems or other electronic devices.

First Response by System/Network Administrators

Once a system administrator discovers an incident, it must be reported according to the current organizational incident reporting procedures. The system administrator should not perform any action unless directed to do so by either the incident/duty manager or one of the forensic analysts assigned to the case. Depending on the incident that occurred, system/network administrators can take the following measures:

1. Record what is on the screen if the computer is switched on

2. Transfer copies of system logs onto clean media

3. If an ongoing attack is detected, seek top management approval before powering down any computing systems

4. Isolate the computing systems or other digital devices from further use or tampering

5. Document every detail relevant to the incident

The administrator should explain the security protocols and procedures followed for using the systems and storage media to the incident responder/investigator.
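As an added example (not part of the original notes), measures 2 and 5 above can be handled together: the Python code below copies logs to clean media, hashes each source and copy, and writes a manifest recording who collected what and when. The function names, manifest fields, the `MANIFEST.json` file name and the empty-directory check for "clean" media are assumptions chosen for illustration.

```python
import getpass, hashlib, json, shutil, socket
from datetime import datetime, timezone
from pathlib import Path

def sha256_file(path):
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(1 << 20), b""):
            h.update(block)
    return h.hexdigest()

def collect_logs(sources, dest_dir, collector=None):
    """Copy logs to clean media, hash source and copy, write MANIFEST.json."""
    dest = Path(dest_dir)
    dest.mkdir(parents=True, exist_ok=True)
    if any(dest.iterdir()):
        raise ValueError("destination is not empty; use clean media")
    files = []
    for i, src in enumerate(map(Path, sources)):
        src_hash = sha256_file(src)
        target = dest / f"{i:03d}_{src.name}"  # index prefix avoids name clashes
        shutil.copy2(src, target)              # copy2 also carries over timestamps
        copy_hash = sha256_file(target)
        mtime = datetime.fromtimestamp(src.stat().st_mtime, timezone.utc)
        files.append({
            "source": str(src.resolve()),
            "copy": target.name,
            "source_mtime_utc": mtime.isoformat(),
            "sha256_source": src_hash,
            "sha256_copy": copy_hash,
            # False means the log was still being written during the copy;
            # record that in the incident notes rather than retrying silently.
            "matches_source": src_hash == copy_hash,
        })
    manifest = {
        "collected_utc": datetime.now(timezone.utc).isoformat(),
        "host": socket.gethostname(),
        "collector": collector or getpass.getuser(),
        "files": files,
    }
    (dest / "MANIFEST.json").write_text(json.dumps(manifest, indent=2))
    return manifest

def verify_copies(dest_dir):
    """Re-hash the copies at handover; return names that no longer match."""
    dest = Path(dest_dir)
    manifest = json.loads((dest / "MANIFEST.json").read_text())
    return [f["copy"] for f in manifest["files"]
            if sha256_file(dest / f["copy"]) != f["sha256_copy"]]
```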

First Response by Laboratory Forensics Staff

The first response by laboratory forensics staff involves six stages:

1. Documenting the Electronic Crime Scene

2. Collecting Incident Information

3. Planning the Search and Seizure

4. Identifying and Collecting Electronic Evidence

5. Packaging Electronic Evidence

6. Transporting Electronic Evidence

For details visit https://victorylearner.com/notes.php?catid=CC&nid=145


