CISSP Understand and Support Investigations – Bk1D7T1

The purpose of performing investigations is to gather facts so that an informed decision or conclusion can be made, or so that an action can be taken with confidence. The output of an investigation is a collection of evidence, analysis, and documentation that can be referred to in the future and that proves the appropriate level of rigor was applied in arriving at the decision or action.

In the world of information systems security, there are many reasons to perform an investigation, and many scenarios that may require one, such as a crime, a violation of policy, or a significant IT outage/incident. (An interruption of service or malfunction may indicate something beyond routine equipment failure or user error.) Depending on its purpose, an investigation will require a different level of rigor.

What comprises an investigation? To answer that, this chapter discusses four facets of the investigation process:
  • Evidence collection and handling
  • Reporting and documentation
  • Investigative techniques
  • Digital forensics tools, tactics, and procedures