Phishing Campaign Investigation | Incident Response Team | CompTIA Cloud Essentials+

Phishing Campaign Investigation

Question

An incident response team requires documentation for an email phishing campaign against a company's email server.

Which of the following is the BEST resource to use to start the investigation?

Answers

A. Audit and system logs

B. Change management procedures

C. Departmental policies

D. Standard operating procedures

Explanations

A.

The BEST resource to start an investigation into an email phishing campaign against a company's email server is option A, Audit and system logs.

Audit and system logs are records of activity on the email server, which can help the incident response team identify any anomalies or suspicious activity that may have occurred during the phishing campaign. By analyzing the logs, the team can determine the scope of the attack, the extent of the damage, and any potential points of entry or weakness in the system that may have been exploited.

Option B, Change management procedures, outlines the steps for making changes to the email server and would not be the best resource for investigating an email phishing campaign.

Option C, Departmental policies, describes the rules and guidelines for how employees should use the email server, which may be useful for preventing future attacks but would not be the best resource for investigating a past attack.

Option D, Standard operating procedures, provides guidance for how to perform routine tasks on the email server, which would not be the best resource for investigating an email phishing campaign.

In summary, audit and system logs are the best resource to start an investigation into an email phishing campaign against a company's email server, as they provide detailed information about the activity on the server during the attack.