Read the Project #1 description (attached to the Project #1a assignment folder) paying special attention to the Red Team’s report.
For this week’s discussion our focus will be upon developing a brief (1-2 page) forensics data collection plan to be used during a Red Team exercise. Your plan will be used as part of training exercise for incident response
personnel to help them learn to identify and collect evidence.
Your first task is to analyze the Red Team’s report to determine what they attacked or what attack vectors were used. Next, analyze the environment to determine what types of forensic evidence should be collected after the
attack(s) and where that evidence can be collected from. You should consider both volatile sources such as RAM (memory) and static sources such as disk drives, thumb drives (USB storage devices), etc. After you
have identified the types of evidence and the devices from which evidence should be collected, document that
in your short paper (the “plan”).
Welcome to Legit Writing
