ABSTRACT

Forensic investigations can be triggered by several types of events generated by a variety of security controls. Whether an event originates from human watchfulness, from a rule match in an intrusion prevention system (IPS), or from a data-modification alert raised by file integrity monitoring (FIM), organizations must demonstrate an acceptable level of due diligence by ensuring they review each event as it is generated.