Operational and Organizational Security: Incident Response • Chapter 11 663
A: A person conducting computer forensic investigations and examinations should
have expert computer skills, including an understanding of hardware, network
technologies, programming skills, and forensic procedures. It is also a good idea
for the forensics investigator to have a good knowledge of applicable local, state,
and federal laws regarding computer crimes and rules of evidence.
Q: How should I prepare evidence to be transported in a forensic investigation?
A: Before transporting evidence, you should ensure that it is protected from being
damaged. Hard disks and other components should be packed in anti-static
bags, and other components should be packaged to reduce the risk of damage
from being jostled. All evidence should be sealed in a bag and/or tagged to
identify it as a particular piece of evidence, and information about the evidence
should be included in an evidence log.
Q: I want to fix vulnerabilities by installing the latest bug fixes and service packs
on my servers, but I’m concerned about issues where the service pack or bug
fix causes more harm than what it is repairing. How can I minimize the risk of
problems associated with installing service packs and bug fixes?
A: A number of cases have occurred where problems arise after a bug fix or service
pack has been installed. To minimize the risk of this occurring, wait a short
period of time after it is initially released to determine what problems (if any)
can be expected from installing the fix or service pack. Even after others have
tried it successfully, you should not install major system updates on your critical
systems without first testing them on a prototype system that is not connected
to the production network.
www.syngress.com