Incident Response and Computer Forensics Resources


  • You have been assigned by the Widget Factory CISO to research and evaluate the existing foundation that is available to develop effective incident response and forensics investigations. Your evaluation should include both general implications and an evaluation of the existing Widget Factory environment, including identification of areas in need of improvement.

    Part 1: In 6–8 pages, complete the following:
    • Identify the differences between incident response and forensics.
    • Describe the challenges facing a first responder when he or she is trying to maintain quality and preserve chain-of-evidence rules.
    • Review the steps that make up a comprehensive forensics and incident response plan.
    • Describe the steps for effective integration of forensics and incident response procedures when forensics is externally contracted.
    • Evaluate the existing incident response resources presented in the case study.

    Additional Requirements

    • Written communication: Written communication is free of errors that detract from the overall message.
    • APA formatting: Use current APA style and formatting guidelines.
    • Length: 6–8 pages, excluding the references page and the two screen captures from the Toolwire lab.
    • Font and font size: Times New Roman, 12-point.

Criteria (performance levels: Non-performance, Basic, Proficient, Distinguished)

Identify the differences between incident response and forensics.
    • Non-performance: Does not identify the differences between incident response and forensics.
    • Basic: Identifies incompletely or inaccurately the differences between incident response and forensics.
    • Proficient: Identifies the differences between incident response and forensics.
    • Distinguished: Identifies the differences between incident response and forensics, including the use of supporting examples.

Describe the challenges involved with first responder handling of potential evidence.
    • Non-performance: Does not describe the challenges involved with first responder handling of potential evidence.
    • Basic: Describes incompletely or inaccurately the challenges involved with first responder handling of potential evidence.
    • Proficient: Describes the challenges involved with first responder handling of potential evidence.
    • Distinguished: Describes the challenges involved with first responder handling of potential evidence, including the use of supporting examples.

Review the steps that make up a comprehensive forensics and incident response plan.
    • Non-performance: Does not review the steps that make up a comprehensive forensics and incident response plan.
    • Basic: Reviews incompletely or inaccurately the steps that make up a comprehensive forensics and incident response plan.
    • Proficient: Reviews the steps that make up a comprehensive forensics and incident response plan.
    • Distinguished: Reviews the steps that make up a comprehensive forensics and incident response plan, including the use of supporting examples.

Describe the steps appropriate for effective integration of forensics and incident response procedures when forensics is externally contracted.
    • Non-performance: Does not describe the steps appropriate for effective integration of forensics and incident response procedures when forensics is externally contracted.
    • Basic: Describes incompletely or inaccurately the steps appropriate for effective integration of forensics and incident response procedures when forensics is externally contracted.
    • Proficient: Describes the steps appropriate for effective integration of forensics and incident response procedures when forensics is externally contracted.
    • Distinguished: Describes the steps appropriate for effective integration of forensics and incident response procedures when forensics is externally contracted, including the use of supporting examples.

Evaluate incident response resources.
    • Non-performance: Does not evaluate incident response resources.
    • Basic: Incompletely or inaccurately evaluates incident response resources.
    • Proficient: Evaluates incident response resources.
    • Distinguished: Evaluates incident response resources, including the use of supporting examples.

Use forensics tools to recover deleted files.
    • Non-performance: Does not use forensics tools to recover deleted files.
    • Basic: Incompletely or inaccurately uses forensics tools to recover deleted files.
    • Proficient: Uses forensics tools to recover deleted files.
    • Distinguished: Uses forensics tools to recover deleted files, including how these tools contribute to an incident investigation.
