Question
At what phase of a security incident response should evidence be collected?
Preparation
Detection and analysis
Containment and eradication
Post-incident recovery
In security incident response, the incident is identified during the Detection and Analysis phase, and evidence related to it (such as logs and system states) is collected to understand the nature of the incident. Preparation is about getting ready, Containment and Eradication is about stopping the incident, and Post-incident Recovery is about restoring systems. So evidence collection happens in Detection and Analysis.
Detection and Analysis