New Training: Incident Response and Forensic Data Collection

In this 5-video skill, CBT Nuggets trainer Bob Salmans walks through the process of identifying and containing a security incident once it has occurred. Then he’ll discuss using forensically sound techniques to gather and handle evidence as part of incident response. Watch this new cybersecurity training.

Watch the full course: CompTIA Security+

This training includes:

• 5 videos

• 51 minutes of training

You’ll learn these topics in this skill:

• Identifying an Incident

• Containing and Mitigating an Outbreak

• Forensic Data Collection

• Forensics In the Cloud

• Forensic Evidence Management

4 Phases Of Forensic Data Collection

Handling cybersecurity incidents can be difficult. On top of fixing and mitigating issues, organizations need to carefully collect forensic data for law enforcement. Because this data might be used in a court case, it needs to be as organized and untampered as possible. As such, NIST has released guidelines for collecting and managing forensic data for a cybersecurity issue. Here is a broad overview of the phases of forensic data collection.

The process of collecting digital forensic data includes four phases:

• Collection

• Examination

• Analysis

• Reporting

The collection phase is a triage phase. During this step, data is identified, labeled, and recorded in detail. The examination phase processes that collected data using both automated and manual methods. This step also extracts data that might be of interest. The analysis phase analyzes data using legally justifiable methods to find useful data and answer questions. Finally, the reporting phase organizes the results of the analysis along with all of the data collected.