Incident_Response_And_Forensics_Flashcards
What are the key stages of Incident Response?
Preparation, detection, containment, eradication, and recovery.
What is the purpose of an Incident Response Plan (IRP)?
To provide a documented set of procedures for responding to cybersecurity incidents.
Who is responsible for detecting, responding to, and mitigating cybersecurity incidents?
The Incident Response Team (IRT).
What are the key components of digital forensics?
Collecting, preserving, and analyzing digital evidence.
Why is digital forensics important in legal proceedings?
To provide evidence for court cases and ensure its admissibility by maintaining integrity.
What is the first stage of Incident Response?
Preparation, which involves establishing policies and conducting risk assessments.
Why is the detection stage critical in Incident Response?
It allows for quick response and prevention of further damage by identifying suspicious activities.
What does containment aim to achieve in Incident Response?
It isolates affected systems to prevent the spread of an incident.
How does digital forensics help in incident response?
It uncovers the who, what, when, where, and how of a cyber incident.
What is a forensic image in digital forensics?
A bit-by-bit copy of storage media used to preserve original data for analysis.
