Summary should include the following incident response procedures:
- First response
  - Identify
  - Report through proper channels
  - Data/device preservation
- Use of documentation/documentation changes
- Chain of custody
  - Tracking of evidence/documenting process

Process/Skill Questions:
- What are the steps in the first response stage?
- What are the procedures in an incident response?
- What is the chain of custody for tracking evidence?