CHFI – study notes

Security Incident – when a crime or wrongdoing was performed, involving a computer (as target, tool or crime scene).

– Note: wrong access is not necessarily an incident. What if the wrong access was not used to do something else? You must go further.

5WH to an investigation – Who, What, Where, When, Why – and How

ETI – Enterprise Theory of Investigation – each separate incident is part of an ongoing series of activities (see: Clifford Stoll – Cuckoo’s Egg)

An investigator must: detect evidence, preserve evidence, analyze evidence, report findings – DPAR




After a long time, I just returned (to this blog, to books, to maybe achieve something else).

In memory of my father – 03/01/42 to 24/12/14