Description should include the following:
- First responder
- Secure the area (escalate when necessary)
- Document the scene
- eDiscovery
- Evidence/data collection
- Chain of custody
- Data transport
- Forensics report
- Legal hold
Process/Skill Questions:
- What are the responsibilities of a first responder when a network crisis occurs?
- What are the procedures for establishing the chain of custody?