5.0 Recover Flashcards
Root cause analysis
After-action report (AAR)
Lessons learned
Reporting and documentation
Analyze incident reports
Execute recovery planning processes and procedures
Document and communicate results
Security requirements of systems
System interoperability and integration
Actions
Processes
Tools and technologies
Devices
Systems
Security features
Management constraints
Personnel security
Physical structures, areas, and devices
Memory forensics analysis/tools
Volatility
Data sources and disk images
Analysis of digital evidence
Hardware and software tools
File copying techniques
Logical backup
Bit-streaming imaging
File modification, access, and creation times
Forensic recordkeeping
Automated audit trails
Chain of custody
Forensic investigation
Forensic collection and analysis tools
Recovery planning processes
Contingency planning
Systems and assets
Lessons learned
Review of existing strategies
Implement improvements
Document and communicate reports, lessons learned, and advice for recovery, contingency, and continuity of operations plans