CompTIA Exam Questions

You are promoting user awareness in forensics, so users will know what to do when incidents occur with their computers. Which of the following tasks should you instruct users to perform when an incident occurs? (Choose all that apply)

A. Shut down the computer.

B. Contact the incident response team.

C. Document what they see on the screen.

D. Log off the network.

Explanation:
The best choices would be B and C. When an incident occurs, the best thing to do is document what is going on and call the incident response team. By logging off the network, you can damage evidence. If the system is being attacked over the internet, then shutting the system down will corrupt the data and evidence.
Reference: Security+ (SYBEX), page 456