Last Updated on December 23, 2021 by Admin
The FIRST course of action an investigator should take when a computer is being attacked is to:
- terminate all active processes.
- copy the contents of the hard drive.
- disconnect it from the network.
- disconnect the power source.