Developing a modern cyber investigative infrastructure and set of strategies is an essential component of enterprise incident response planning. This is easier said than done, so security teams are advised to learn as much as they can about how the process of modern enterprise forensic investigation has evolved. They are also advised to select commercial platforms that ensure good coverage and support during investigations. This report is intended to help on both fronts.
Modern enterprise security teams will generally agree on the need for proactive security to prevent breaches, detection-based security to observe incidents as they unfold, and reactive security to support incident response after a breach. These are familiar considerations for working security professionals, and they form the backbone of security compliance frameworks such as NIST SP 800-53 Rev. 5. They also help to provide context for current forensic investigative methods.