Page 298 - CISSO_Prep_ Guide
in hashing algorithms that can make solo hashes risky.
• Make 2 copies (primary for backup & working for analysis).
• Zero the media before using it (use proofed media – media verified to be clean).
Incident Response and Handling
• Event: observable occurrence.
• Incident: series of events that impacts business.
• Skills needed:
  • Recognition skills
  • Technical skills
  • Response skills
• Escalation process:
  • Triage: notification and identification.
  • Action/reaction: containment, analysis, tracking.
  • Follow up: repair/recovery, prevention.
Interviewing and Interrogation
• Interviewing: the purpose is to discover information.
• Interrogation: the purpose is to obtain evidence for trial.
• Suspect checklist (M.O.M.):