The engineer wants to find out how this breach occurred before remediating the damage. Which of the following should the security engineer do FIRST to begin this investigation?

Last Updated on August 10, 2021 by Admin 3

A security engineer discovers a PC may have been breached and accessed by an outside agent. The engineer wants to find out how this breach occurred before remediating the damage. Which of the following should the security engineer do FIRST to begin this investigation?

  • Create an image of the hard drive
  • Capture the incoming and outgoing network traffic
  • Dump the contents of the RAM
  • Parse the PC logs for information on the attacker
0 0 votes
Article Rating
Subscribe
Notify of
guest
0 Comments
Inline Feedbacks
View all comments