Determining If There Was an Incident
INFORMATION IN THIS CHAPTER:
Opening a case
Talking to users
Documentation
Mounting known-good binaries
Minimizing disturbance to the subject system
Using scripting to automate the process
Collecting volatile data