



  • Essay / Network Forensics - 1309

    Most small and medium-sized businesses cannot afford a full Computer Emergency Response Team (CERT). Many large companies also outsource this operation. Whether the team is internal or external makes a significant difference in the early stages of an investigation. We will assume that we are working as a forensic contractor. Ideally, our forensic team should cover several roles, although one person may hold more than one of them. A very important position is that of legal representative. This person may come from the public relations department of the company that hired you, but it is usually a good idea to bring in someone with extensive legal knowledge to guide you through the process and ensure that the data is admissible in court. There should be a CERT team leader who coordinates and reviews all team actions. Each incident must also have an incident manager. The incident manager may vary depending on the type of intrusion, or the CERT manager may also be the incident manager. You will also have CERT members who specialize in various fields. These may include IPS and IDS experts, specific operating system experts, and/or web server experts (“IT Security Incident Response”).

    The response plan must be in place before an incident occurs. It should include a forensic tool chest, preferably a mobile one if possible (all tools should be tested before use). The plan follows the same general form for most incidents and most organizations. The incident is reported. The initial assessment is carried out, including network information. The investigation then begins by collecting evidence based on the type of incident and the information we already know from our initial as...... middle of paper ......

    ......oi:10.1016. Retrieved from https://wiki.engr.illinois.edu/download/attachments/203948055/1-s2-1.0-S1742287605000940-main.pdf?version=1&modificationDate=1351890428000

    Collie, Byron. “INTRUSION INVESTIGATION AND POST-INTRUSION COMPUTER FORENSIC ANALYSIS.” INTRUSION INVESTIGATION AND POST-INTRUSION COMPUTER FORENSIC ANALYSIS. N.p., n.d. Web. January 17, 2014.

    Hill, B. and O'Boyle, T. (2000, August). Cyber detectives use intrusion detection systems and forensic analysis. Retrieved from http://www.mitre.org/news/the_edge/february_01/oboyle.html

    “Computer Security Incident Response.” Respond to IT security incidents. N.p., n.d. Web. January 19, 2014.