1. CIRT is used interchangeably with the other common acronym, CERT (computer emergency response team). Since not every incident is an emergency or a crime, I prefer to use the term CIRT for the sake of logical consistency.
2. Some might argue that the actual registers and cache of the CPU itself contain information. This is true, but it is not common practice to collect this information during an investigation. The crux of the problem is that the very process of trying to capture the information will change the information contained therein.