Step 2 in the Magnum MIP methodology is the crime scene. The crime scene step is about documenting and recording the evidence of the incident ("crime"). It is important to note the environment, the location of the belligerents, and the visual and logical forensics, and to take pictures.

I have a P990i and it has a usable camera like most new mobile phones. The photo below was taken with the P990i. A photo constitutes very good evidence, and when an event happens, e.g. a water pipe burst, a visual reference is good to include as it will assist in problem management and will remove ambiguity. Most people now carry camera phones in their pockets, so it is very feasible to have blanket coverage of major incidents with pictures. The P990i also has a voice recording option which allows you to make verbal notes for later reference. However, it is better to use a device like the Samsung T9.

The Exchange crime scene.
Aha, you say, but you are overlooking a big factor. Although there are those IT major incidents that can be physically photographed, there are those that cannot. True, but you do not need a camera for pictures.
Firstly, there is PrintScrn. A screen capture of an incident is perfect evidence and due diligence. I load a utility called AlphaClock and have it in the top right-hand corner of my screen, which then also automatically records the time.
Often when dealing with network issues it is possible to obtain graphic evidence by graphing the network equipment. You do not need deep pockets to do this. STG is a neat little utility that graphs an interface via SNMP, and any deviations can be captured for later forensic analysis.
There are also log files; the Event Viewer in Windows is an example.
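
The SNMP graphing idea above can also be kept as a written record. The following is an added example, not part of the original post and not how STG works internally: it turns polled ifInOctets counter readings into throughput, handles the 32-bit counter wrap, and writes a UTC-timestamped line for each deviation. The sample readings are constructed, and the function names and the 5x-median threshold are assumptions.

```python
from datetime import datetime, timezone
from statistics import median

COUNTER32_MOD = 2 ** 32  # ifInOctets is a 32-bit counter that wraps to zero

# Constructed sample polls: (UTC epoch seconds, ifInOctets value), 60 s apart.
SAMPLES = [
    (1200000000, 4294000000),
    (1200000060, 4294750000),
    (1200000120, 532704),      # counter wrapped between these two polls
    (1200000180, 1282704),
    (1200000240, 76282704),    # traffic spike
    (1200000300, 77032704),
]

def rates_bps(samples):
    """Convert successive counter readings into (interval end time, bits/s)."""
    out = []
    for (t0, c0), (t1, c1) in zip(samples, samples[1:]):
        delta = (c1 - c0) % COUNTER32_MOD  # modulo corrects a single wrap
        out.append((t1, delta * 8 / (t1 - t0)))
    return out

def deviations(rates, factor=5.0):
    """Return the intervals whose rate exceeds factor times the median rate."""
    baseline = median(r for _, r in rates)
    return [(t, r) for t, r in rates if r > factor * baseline]

def evidence_lines(samples, factor=5.0):
    """Format each deviation as a UTC-timestamped line for the incident record."""
    return [
        f"{datetime.fromtimestamp(t, tz=timezone.utc).isoformat()} "
        f"ifInOctets rate {r:.0f} bit/s exceeds {factor:g}x median"
        for t, r in deviations(rates_bps(samples), factor)
    ]

if __name__ == "__main__":
    for line in evidence_lines(SAMPLES):
        print(line)
```

Without the modulo step, the wrapped reading would produce a large negative delta and a false deviation in the record.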

http://www.taproot.com/wordpress/2008/02/12/can-you-pass-the-csi-crime-scene-investigator-test/