Creation of incident timelines and investigatory scope.
LMJ-Ad corporate management has been informed by the network administrative team that a malware/ransomware attack and infection occurred overnight, requiring the incident response team to take immediate action. The infection came from a malware attachment on a phishing email and was reported by a user with a priority trouble ticket. Initial interviews suggest the incident may have come from an internal employee.
- In this first phase of the incident response process, the incident response team must perform an incident review. Describe in detail each item below as part of the initial investigative process, applied to this incident only:
Step 1: Review of notes taken from user interviews
Step 2: Performing risk assessments
Step 3: Creating data collection checklists
Step 4: Creation of incident timelines and investigatory scope
Step 5: Drafting of the forensics incident response plan
As part of your descriptions, provide the specific tasks that you need to perform for steps 1 through 5. In later units we will discuss in detail the specific investigative approach to identify, collect, preserve, analyze, and report on the incident.