The computer forensics investigative process includes five steps: Identification, Preservation, Collection, Examination, and Presentation. When a breach has occurred in a medium to large-sized company, cybersecurity experts, and sometimes forensics specialists, will investigate using this process. In a small company, it’s likely that the IT staff will have multiple roles, but what do you think about the larger companies? Should the experts who do penetration testing or maintain the security defenses be involved in the forensics investigation after a breach? What are some pros and cons you can see in having a lot of people examining the breach?
Background
Some basic terms should be clear in the context of cyber security.
a) Vulnerability:
Vulnerabilities are the flaws present in a security system.
b) Threat:
Any person, any malicious program, or any object which can exploit a vulnerability to access the data/information/IT resources in an unauthorized manner is a threat to the system.
Ans:
Nowadays there is a pressing need to protect data, information, and other IT resources from cyber attack. So in a large organization the entire computerized system should be protected from cyber attack.
Penetration testing is performed to find the vulnerabilities (flaws in the security system) present in the security system. These vulnerabilities should be removed by the experts to make the entire system more secure.
After a breach, the experts involved in penetration testing should be involved in the investigation because they are aware of the vulnerabilities and can help in the investigation process.
The group of these experts should be considered as a single entity. It means all the expert members should reach a common opinion; otherwise different opinions may lead to confusion.
Having a lot of people in the investigation may be beneficial because all the aspects related to the incident can be considered.
Having a lot of people in the investigation may be a time-saving approach.
Having a lot of people in the investigation may lead to confusion due to various opinions.
The investigation may be expensive due to the presence of a lot of people in the investigation team.