ABSTRACT
In this chapter, we will describe a framework for conducting an internal investigation of a computer security incident. Because the focus of this book is the corporate investigator, rather than law enforcement, we will skip discussions of search warrants, subpoenas, and other issues with which law enforcement must deal. We point out, however, that you will not, in all likelihood, have decided whether or not to request assistance from a law enforcement agency when you begin your investigation. For that reason, you must treat every investigation as if it will become a criminal proceeding.
