Determining If There Was an Incident

INFORMATION IN THIS CHAPTER:

Opening a case

Talking to users

Documentation

Mounting known-good binaries

Minimizing disturbance to the subject system

Using scripting to automate the process

Collecting volatile data