ABSTRACT

Incident response (IR) and digital forensics (DF) require both efficiency and effectiveness; if they are not done correctly, the effort is wasted. In this chapter, the fundamental processes for incident response and digital forensic analysis are discussed. Just today, an incident occurred on my laptop, no less. As on every other day, I docked my laptop upon my arrival and started checking my e-mail. Within a few minutes, the IT admin was at my door, announcing that we had a problem. He said he had received a message from the main IT office (over 300 miles away, monitoring over 20 locations and thousands of computers) that my laptop had been compromised. He had been instructed to remove it from the network and begin the analysis process by scanning it for any personal information that may have been accessed by a hacker. This is a great example of an incident; as small as it sounds, it is, in fact, an incident. The official definition of an incident is a situation that has compromised the integrity, confidentiality, or availability of an enterprise network, host, or data. Other examples of incidents include attempting to gain unauthorized access to a system, a DDoS (distributed denial-of-service) attack, unauthorized use of a system, website defacement, and so on.