Incident Investigation
Cyber Incident Investigation Training: Reducing Evidence Abstraction
This post was originally published here by Chris Sanders. An incident investigation will only go as far as the evidence allows it. Of course, there’s a lot of components that have to come together to make that happen. The network must support the collection of robust and diverse evidence sources and it must be searchable […]