Security Incident – when a crime or wrongdoing is committed involving a computer (as target, tool or crime scene).
– Note: wrongful access is not necessarily an incident. What if the access was not used to do anything else? You must go further.
5WH to an investigation – Who, What, Where, When, Why – and How
ETI – Enterprise Theory of Investigation – each separate incident is part of an ongoing series of activities (see: Clifford Stoll – Cuckoo’s Egg)
An investigator must: detect evidence, preserve evidence, analyze evidence, report findings – DPAR
After a long time, I just returned (to this blog, to books, to maybe achieve something else).
In memory of my father – 03/01/42 to 24/12/14