Summary
This chapter covered the incident response process, from Preparation to Lessons Learned. We reviewed every stage of this process, from the assembly and training of a CSIRT to digital forensics and the investigation and analysis of collected evidence, in order to identify and address threat incidents as they occur. The final sections also examined the chain of custody process, which ensures evidence has been accounted for between an arrest and a day in court.
The knowledge gained in this chapter will prepare you to answer any questions relating to Exam Objective 4.8 in your CompTIA Security+ certification exam.
The next chapter will be Chapter 22, Given a scenario, use data sources to support an investigation.