The computer forensics investigative process includes five steps: Identification, Preservation, Collection, Examination, and Presentation. When a breach has occurred in a medium to large-sized company

The computer forensics investigative process includes five steps: Identification, Preservation, Collection, Examination, and Presentation. When a breach has occurred in a medium to large-sized company, cybersecurity experts, and sometimes forensics specialists will investigate using this process. In a small company, it’s likely that the IT staff will have multiple roles, but what do you think about the larger companies? Should the experts who do penetration testing or maintain the security defenses be involved in the forensics investigation after a breach? What are some pros and cons you can see in having a lot of people examining the breach?