Incident Response



Data Collection

In any incident response, data collection is a critical first step. This data can come from a variety of sources, including network and host-based intrusion detection systems, system and application logs, and even direct observation. The data collected during this phase can be used to determine the scope of the incident, identify the systems and data affected, and begin to piece together what happened.

Miscellaneous Articles

There are a number of articles that don’t fit into any specific category. These are known as miscellaneous articles.


The image below proposes a workflow you can use to learn incident response:

[Figure: Incident response procedure and workflow]