You are a forensic professional on an incident response team at a large-ish company. What relationships are important for you to have or to make? Are these internal or external relationships? Why do you feel these particular relationships are important? What other relationships is it necessary for the team to have overall and who would they be with — which team member and what external person or entity? How would you create and manage those relationships?
Category: Apa 7
You have been called into the offices of a mid-sized city. The fire department, police, city offices, and library are all connected in a metropolitan area network and the entire network is being hit with a malware infestation. The IT team from the city is focused on getting all of the systems disinfected and the city back to doing business. You have been asked to perform a forensic analysis, though the objective of the analysis isn’t clear other than they want a “patient zero” and they also want to know if any data has been exfiltrated. What artifacts are you going to be looking at, how are you going to handle evidence (collection, analysis, storage as necessary) and what are you going to consider to be your primary objective? Keep in mind that the team overall is meeting twice a day, there is a lot of panic and anxiety over trying to contain this.
Write a professional memo indicating what evidence you expect would need to be collected during an incident in a corporate environment. How do you propose to collect the evidence, manage and store it? What costs are associated with what you propose? You will have to research and document costs associated with your plan. Making statements such as ‘cost will be dependent upon the situation or management’s decision’, will not receive credit.
https://owl.purdue.edu/owl/subject_specific_writing/professional_technical_writing/memos/sample_memo.html
