Assignment writing rules Essay
A computer forensic investigation has three phases. List what they are and describe the activities that happen in each phase.

The three phases of a computer forensic investigation are: acquire the evidence, authenticate the evidence, and analyze the evidence. In acquiring the evidence, the data is collected. In authenticating the evidence, a chain of custody is used to ensure its trustworthiness. Finally, in analyzing the evidence, the data is viewed and, if need be, a copy of the evidence can be created.
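The three phases above can be walked through in code. The following is an added example, not part of the original essay: it acquires a constructed sample image, keeps a chain-of-custody log, and checks a working copy before analysis. The SHA-256 hashing, the hash-chained log format, and all file and examiner names are assumptions of this example.

```python
import hashlib, json, shutil, tempfile
from datetime import datetime, timezone
from pathlib import Path

def sha256_file(path, chunk=1 << 20):
    """Hash a file in chunks so large images need not fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()

def custody_entry(log, actor, action, evidence_hash):
    """Append a custody record that is chained to the previous record."""
    prev = log[-1]["entry_hash"] if log else "0" * 64
    rec = {"time": datetime.now(timezone.utc).isoformat(), "actor": actor,
           "action": action, "evidence_sha256": evidence_hash, "prev": prev}
    rec["entry_hash"] = hashlib.sha256(
        json.dumps(rec, sort_keys=True).encode()).hexdigest()
    log.append(rec)

def verify_log(log):
    """Return True only if no custody record was altered or removed."""
    prev = "0" * 64
    for rec in log:
        body = {k: v for k, v in rec.items() if k != "entry_hash"}
        digest = hashlib.sha256(
            json.dumps(body, sort_keys=True).encode()).hexdigest()
        if rec["prev"] != prev or rec["entry_hash"] != digest:
            return False
        prev = rec["entry_hash"]
    return True

def run_demo():
    work = Path(tempfile.mkdtemp())
    original = work / "evidence.img"          # constructed sample "image"
    original.write_bytes(b"constructed sample disk image bytes\n" * 100)
    log = []
    acquired = sha256_file(original)          # phase 1: acquire
    custody_entry(log, "examiner-a", "acquired", acquired)
    copy = work / "working_copy.img"          # analysis uses a copy
    shutil.copyfile(original, copy)
    custody_entry(log, "examiner-b", "working copy made", sha256_file(copy))
    copy_ok = sha256_file(copy) == acquired   # phase 2: authenticate
    log_ok = verify_log(log)
    log[0]["actor"] = "someone-else"          # simulate an edited record
    tamper_detected = not verify_log(log)
    shutil.rmtree(work)
    return copy_ok, log_ok, tamper_detected

if __name__ == "__main__":
    print(run_demo())
```

Because each record includes the hash of the one before it, changing any earlier entry invalidates the log from that point on.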
3. Following a serious incident, post-mortem review meetings are conducted to review what happened. Describe how the CIRT post-mortem review helps mitigate risk.

A CIRT plan identifies the tasks each individual team has; therefore, during the review they may input critical information so that, when a problem of the same category presents itself, there could be steps in the plan to help mitigate the response.

4. NIST SP 800-61 describes three models you can use for a CIRT. List the three models and describe how they function.

Critical incident response team: May be used by organizations with one location, or by those with a single team that can cover multiple locations.

Distributed incident response teams: If an organization has multiple locations this will be used, but the team at headquarters will have the final say at each location.

Coordinating team: Senior personnel who provide advice to other teams, but don't have any authority over those teams.