Pre-incident Preparations

• Nobody WANTS to be faced with a forensic examination.

• Everybody should be prepared for one.

• Valuable or high risk systems should have a tested incident response plan in place.

• Enable Magic SysRq key on critical Linux systems!

• Document responsible system administrators, points of contact, and responsible management.

• Document what systems can be pulled off line in an emergency and what ones can not and how to proceed with them in the event of an incident!

• Pretest emergency boot proceedures.

Notes: