 |
|
|
|
|
 |
CertiGuide to Security+ 9 Chapter 5: Operational/Organizational Security (Domain 5.0; 15%) |
|
5.6 Computer Forensics
(Page 1 of 2)
Computer forensics involves the application of investigation and analysis techniques that comply with a legal system. The U.S. Department of Justice working in conjunction with a number of groups including the Technical Working Group for Electronic Crime Scene Investigation has created a 93 page PDF that appears to be accepted internationally448. A large percentage of the PDF is resources, which are handy. It will not take you a great deal of time to read what to do in the first moments of responding without destroying evidence.
![[spacer]](1p.gif)
Computer Forensics = Deep SpecialtyThe Cyber crime scene is no different than a physical crime scene in the sense that from a legal standpoint the protection of evidence is critical449. In fact, evidence figures prominently in the “three A’s” of computer forensics, which are:
- Acquire the evidence without altering or damaging
the original data (covered in section 5.6.1).
- Authenticate that your recorded evidence is the
same as the original seized data (covered in section 5.6.2).
- Analyze the data without modifying the recovered data (covered in section 5.6.3).
Data analysis tools include the open source offering The Corner’s Toolkit (TCT) available from: http://www.fish.com/tct/FAQ.html.
As with many computing topics, once you get started with descriptive models, you can run into a nearly endless variety of them. To illustrate this point, the International Association of Computer Investigative Specialists (IACIS), a computer forensics group made up entirely of law enforcement professionals (who have a great domain name450), puts it a bit differently, with the following essential requirements for a computer forensic examination.
- Forensically sterile examination media must be
used (“Acquire”, above).
- The examination must maintain the integrity of
the original media (“Authenticate” and “Analyze”).
- Printouts, copies of data and other exhibits must be properly marked, controlled and transmitted (an addition).
|
Quick navigation to subsections and regular topics in this section |
__________________
448. http://www.iwar.org.uk/ecoespionage/resources/cybercrime/ecrime-scene-investigation.pdf - Electronic Crime Scene Investigation: A Guide for First Responders
449. Kruse, Warren G. and Jay G. Heiser, Computer Forensics Incident Response Essentials, Addison-Wesley, September, 2001, http://www.nerdbooks.com/item.html?id=0201707195
450. http://www.cops.org (Yes, this truly is the web site of IACIS!)
|
| |||||||||||||||||||
Home - Table Of Contents - Contact Us
CertiGuide for Security+ (http://www.CertiGuide.com/secplus/) on CertiGuide.com
Version 1.0 - Version Date: November 15, 2004
Adapted with permission from a work created by Tcat Houser et al.
CertiGuide.com Version © Copyright 2004 Charles M. Kozierok. All Rights Reserved.
Not responsible for any loss resulting from the use of this site.