Forensic investigation of incidents

Critical
High
Normal
Low

After a disturbance, a forensic examination must be carried out on the malicious code or other remnants of the disturbance. A safe investigation in a closed environment can open up the causes, goals, and motives of the incident. This helps the organization fix potential security vulnerabilities, prepare for similar incidents, and identify or profile a potential attacker.

Connected other frameworks and requirements:
RS.AN-3: Forensics
NIST CSF
No items found.