I need help with the first Response to a Computer Incident
1. You are responding with others to the scene of a computer incident. You are the
one responsible for the computers at the scene. The target system (only one) is in
a business. The screen is locked, with the
2008 Server. The prompt explains that the computer is locked and that only
the administrator can unlock it. The system administrator is available and is not the
target of the investigation, and she is considered a person with high integrity who is
willing to assist.
2. Tell in detail how you would take down this machine and take it to the lab for
imaging if the Enterprise, FIM 6, Portable, or EnCase 7 version is not an option and if
your directive is to seize it and take it to the lab.
3. Jot down your narrative as though it were going to be included in your report. Be sure
to describe your shutdown methodology and reasoning. Include details sufficient to
establish the complete chain of custody from the scene to the lab.
Reference: EnCase Computer Forensics -- The Official EnCE: EnCase Certified Examiner Study Guide 3rd Edition
- Publisher : Sybex; 3rd edition (September 11, 2012)
- Language : English
- Paperback : 752 pages
- ISBN-10 : 0470901063
- ISBN-13 : 978-0470901069
The solution to the first response to the computer incident.
The problem says the computer screen is locked with an OS 2008 server. The condition is that the system administrator is available but is not the target of the investigation.
In that case, she could press CTRL+ALT+DELETE then type the login information for the last logged-on user, and then click OK. When the Unlock Computer dialog box disappears, press CTRL+ALT+DELETE and log on normally.
If the administrator account is disabled and the screen gets locked, then we will try another approach.