Here are 10 steps organizations should take to improve their cybersecurity response strategy and better mitigate the impact of attacks in the future.
Step 8: Don't start investigating without a plan
An overzealous response can compound the damage. For example, using an external tool to hunt for the threat can taint the data needed for proper timeline analysis and for inspecting other important information, such as pre-fetch data (data that is preloaded to speed the boot process and shorten application startup time). Pre-fetch data can provide valuable forensic artifacts that might help answer the "what," "where" and "when" of an attack.
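The following is an added example, not part of the original article: offline triage of a Prefetch directory listing taken from a forensic image, showing how a tool run on the host during response alters the "when" evidence. The listing, executable names, hashes and times are constructed, and reading a `.pf` file's creation and modification times as first and most recent execution is a common triage heuristic assumed here.

```python
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample: (file name, created, modified) from an imaged
# C:\Windows\Prefetch directory. Every value here is made up.
LISTING = [
    ("WINWORD.EXE-11112222.pf", "2024-03-04 09:12:10", "2024-03-11 08:55:41"),
    ("SVCUPDATE.EXE-33334444.pf", "2024-03-11 02:14:07", "2024-03-11 02:14:07"),
    ("SVCUPDATE.EXE-55556666.pf", "2024-03-11 02:31:52", "2024-03-11 03:05:19"),
    ("CMD.EXE-77778888.pf", "2024-02-20 14:00:03", "2024-03-11 10:42:30"),
    ("SCANTOOL.EXE-9999AAAA.pf", "2024-03-11 10:41:58", "2024-03-11 10:41:58"),
]
RESPONSE_START = "2024-03-11 10:30:00"  # constructed: first responder action on the host
FMT = "%Y-%m-%d %H:%M:%S"
# Prefetch files are named <EXECUTABLE>-<8 hex digit hash>.pf
PF_NAME = re.compile(r"^(?P<exe>.+)-(?P<hash>[0-9A-F]{8})\.pf$", re.IGNORECASE)

def build_timeline(listing, response_start):
    """Return prefetch entries ordered by first run, marked for responder taint."""
    start = datetime.strptime(response_start, FMT)
    rows, hashes = [], defaultdict(set)
    for name, created, modified in listing:
        m = PF_NAME.match(name)
        if not m:
            continue  # not a prefetch file name
        exe = m["exe"].upper()
        first = datetime.strptime(created, FMT)   # heuristic: first execution
        last = datetime.strptime(modified, FMT)   # heuristic: latest execution
        hashes[exe].add(m["hash"].upper())
        if first >= start:
            status = "responder-created"      # entry exists only because of the response
        elif last >= start:
            status = "last-run-overwritten"   # pre-incident "when" replaced by responder run
        else:
            status = "intact"
        rows.append({"exe": exe, "first": first, "last": last, "status": status})
    # The name hash is derived from the executable's location, so one name with
    # several hashes points to the same binary name run from different places.
    multi = {exe for exe, seen in hashes.items() if len(seen) > 1}
    for row in rows:
        row["multi_path"] = row["exe"] in multi
    return sorted(rows, key=lambda r: r["first"])

if __name__ == "__main__":
    for r in build_timeline(LISTING, RESPONSE_START):
        flag = " multi-path" if r["multi_path"] else ""
        print(f'{r["first"]}  {r["last"]}  {r["exe"]:<14} {r["status"]}{flag}')
```

In the sample, the scan run at 10:41 adds its own entry and replaces the last-run time of `CMD.EXE`, so the pre-response execution time of that binary can no longer be read from this artifact.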