The basic features
The initial steps of analysis (securing data) should begin promptly upon detecting a security incident, because electronic traces degrade over time: some become undetectable within hours to days, while others may persist for weeks to months.
A typical analysis process follows these steps:
- An initial consultation;
- Formulating pertinent questions to address;
- Providing support in securing the necessary data;
- Analyzing the incident's progression;
- Uncovering answers to formulated questions;
- Documenting the entire process and presenting findings in a final report.
The goal of the analysis is to address specific customer inquiries, such as:
- Whether a particular document currently exists or existed on the device.
- Whether specific applications are or were installed on the device.
- Whether documents have been altered, and other related inquiries.