First response is often the most important. For this reason, it is critical that established procedures are adopted. This section will attempt to develop these as part of the Open Guide project.
Initially, we will examine the potential issues, before looking at procedures.
Please do feel free to contribute.
First Responder Issues
Presence of volatile evidence on the system?
Continued presence of intruder on the system?
Possible booby traps?
Impact of system compromise on continued operations?
Are you competent in this scenario?
Should law enforcement be involved?
Protect the system and resources;
Preserve the evidence (logs, files, etc.) in a legally acceptable way;
Notify Management, Incident Response, etc.