To best support a digital forensic investigation, incident response teams need to be aware of the various incident response plans and processes available to them. In this CompTIA Security+ SYO-601 course, you'll start by exploring various incident response exercises, such as tabletop sessions, walkthroughs, and simulations. Then, you'll outline three fundamental attack frameworks: MITRE, The Diamond Model of Intrusion Analysis, and the Cyber Kill Chain.
Next, you'll examine different incident response plans types, including communication plans, disaster recovery plans, business continuity plans, and continuity of operation planning (COOP). You'll then identify key aspects of digital forensics, such as documentation/evidence, acquisition and integrity maintenance, preservation, e-discovery, data recovery, non-repudiation, and strategic intelligence and counterintelligence. Lastly, you'll outline how to utilize appropriate digital forensic data sources to support an investigation.
describe incident response plans and processes, such as preparation, identification, containment, eradication, recovery, and lessons learned
survey various types of incident response exercises, including tabletop, walkthroughs, and simulations
compare the following attack frameworks: MITRE ATT&CK, the Diamond Model of Intrusion Analysis, and Cyber Kill Chain
define different incident response plan types used by the IRT, such as communication, disaster recovery, business continuity, and continuity of operation planning (COOP)
compare different types of forensic documentation and evidence, including legal holds, videos, admissibility issues, a chain of custody, and timelines of events in sequence
describe the forensic acquisition concept, "order of volatility," and identify potential acquisition sources, such as disks, RAM, swap/pagefile, OS, firmware, and snapshots
survey various forensic concepts, such as integrity, provenance, preservation, e-discovery, data recovery, non-repudiation, and strategic intelligence/counterintelligence