First Responder in Cyber Incident, Explained!


Roles of First Responder

1. Identifying the crime scene
2. Protecting the crime scene
3. Preserving temporary and fragile evidence
4. Collecting the complete information about the incident
5. Documenting all the findings
6. Packaging and transporting the electronic evidence

Toolkit

1. A first responder toolkit is a set of tools that helps first responders collect genuine and presentable evidence.
2. It helps first responders understand the limitations and capabilities of electronic evidence at the time of collection.
3. First responders have to select trusted computer forensics tools that produce the specific information required.

Creating Toolkit

1. Create a trusted forensic computer or testbed
  • Choose the related operating system
  • Completely sanitize the forensics computer
  • Install the operating system and required software
  • Update and patch the forensics computer
  • Install a file integrity monitor to test the integrity of the file system

2. Document the details of the forensics computer
  • Version name and type of the operating system
  • Name and types of different software
  • Name and types of the installed hardware

3. Document the summary of the collected tools
  • It helps the first responder to understand how a tool works
  • The summary comprises:
    • Acquisition of the tool
    • Detailed description of the tool
    • Working of the tool
    • Tool dependencies and the system effects

4. Test the tools
  • Test the collected tools on the forensics computer and examine their performance and output
  • Examine the effects of each tool on the forensics computer
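Steps 1 to 4 above, as an added example that is not code from the original post: a Python script that records the forensics computer's OS and hardware details together with a SHA-256 hash of every file in the toolkit directory, then re-verifies the toolkit so a modified, missing or unexpected tool is noticed before it is trusted at a scene. The `demo()` function builds a constructed sample toolkit in a temporary directory; the tool file names in it are made up for the example.

```python
import hashlib
import platform
import tempfile
from datetime import datetime, timezone
from pathlib import Path

def sha256_of(path: Path) -> str:
    """Hash a tool file in 1 MiB chunks so large binaries need not fit in memory."""
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(1 << 20), b""):
            h.update(chunk)
    return h.hexdigest()

def build_manifest(toolkit_dir: Path) -> dict:
    """Record the forensics computer (OS, hardware) plus a hash of every tool file."""
    tools = {str(p.relative_to(toolkit_dir)): sha256_of(p)
             for p in sorted(toolkit_dir.rglob("*")) if p.is_file()}
    return {
        "created": datetime.now(timezone.utc).isoformat(),
        "forensics_computer": {
            "os": platform.system(), "os_version": platform.version(),
            "release": platform.release(), "machine": platform.machine(),
        },
        "tools": tools,
    }

def verify_toolkit(toolkit_dir: Path, manifest: dict) -> dict:
    """Re-hash the toolkit and report what changed since the manifest was recorded."""
    current = build_manifest(toolkit_dir)["tools"]
    expected = manifest["tools"]
    return {
        "modified": sorted(k for k in expected if k in current and current[k] != expected[k]),
        "missing": sorted(k for k in expected if k not in current),
        "unexpected": sorted(k for k in current if k not in expected),
    }

def demo() -> dict:
    """Constructed sample toolkit (made-up names): baseline it, tamper with it, re-verify."""
    kit = Path(tempfile.mkdtemp())
    (kit / "imager.sh").write_bytes(b"#!/bin/sh\necho imaging\n")
    (kit / "summary.txt").write_bytes(b"tool summaries go here")
    manifest = build_manifest(kit)
    (kit / "imager.sh").write_bytes(b"#!/bin/sh\necho tampered\n")  # modified tool
    (kit / "summary.txt").unlink()                                   # missing file
    (kit / "extra.bin").write_bytes(b"\x00")                         # unexpected file
    return verify_toolkit(kit, manifest)

if __name__ == "__main__":
    print(demo())
```

In practice the manifest would be written out (for example as JSON) and stored with the toolkit documentation, and `verify_toolkit` run against it before each deployment.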

Tools

  • Notebook computers - licensed software, bootable CD, external hard drives and network cables.
  • Software tools - EnCase Forensic, Forensic Toolkit (FTK), ProDiscover, Hex Workshop, X-Ways Forensics.
  • Hardware tools - Paraben forensics hardware, Digital Intelligence forensic hardware, Tableau hardware accelerator, Wiebetech forensics hardware tools, Logicube forensics hardware tools.

We hope this helps. If you have any suggestions or doubts, add a comment and we will reply as soon as possible.
