Hello and welcome back to Cybrary's 2019 CompTIA Security+ certification preparation course.
We'll continue our discussion of Module 5, which is in fact Domain 5, and the topic of discussion will be risk management.
We have a brand new learning objective, which is 5.5, where we have to summarize basic concepts of forensics.
The first item on our agenda is a pre assessment quiz.
What you need to determine is basically whether the statement is true or false,
and it reads as follows.
After data is captured, it has to be preserved as evidence. Is that true or false?
If you said it was true, you're absolutely correct.
Turning our attention toward forensics in terms of an overview:
digital forensics is the technique of uncovering and understanding electronic data.
The purpose of this technique is to preserve any evidence in its most original form while performing a structured investigation by collecting, identifying and validating the digital information, with the aim of reconstructing past events.
Here again are some of the objectives which encompass 5.5, summarizing the basic concepts of forensics. What we're going to do now is take a look at the terms
order of volatility and chain of custody, as well as legal hold.
So that begs the question.
What is a forensic investigation?
A forensic investigation is the gathering and analysis of all crime-related physical evidence for the purpose of coming to a conclusion about a suspect. Investigators examine blood, fluids, fingerprints, residue, hard drives, computers and other technology to establish the way in which a crime took place.
So when you look at the events in terms of the life cycle, the first thing you do is collect and seize the evidence,
then you transport the evidence, you protect and store the evidence, and then, when you get back to your lab, you analyze the evidence.
Now, one thing that's very important, particularly when transporting that evidence,
is chain of custody. You may ask: what is a chain of custody?
Chain of custody refers to a forensic principle whereby each movement or transfer of data must be recorded and logged appropriately; at no time must the chain be disrupted. If it is, the evidence is of no use. Evidence should be appropriately identified, including the circumstances under which it was collected,
who collected it, a detailed description and other important information. In most cases, evidence is packed in poly bags for transport to a forensic laboratory or a storage location.
Now, in terms of the order of volatility,
this refers to the order in which you should collect evidence. Highly volatile data is easily lost, such as data in memory when you turn off the computer, and this chart here lists some items. For example, taking a look at disk, it's only minutes in terms of volatility. In other words, that's the amount of time you have to collect the evidence
before it could actually be lost.
Next we come to a term called legal hold.
It is a process that an organization uses to preserve all forms of relevant information when litigation is pending or reasonably anticipated.
Here again are some additional topics which encompass 5.5, where we have to summarize the basic concepts of forensics. Now let's turn our attention toward taking a look at data acquisition, in terms of capturing the system image, network traffic and logs, all the way down to witness interviews.
So again, as I mentioned, turning our attention toward data acquisition, we look at capturing the system image. Simply put, capturing a system image creates an exact sector-level duplicate of the media.
In terms of network traffic and logs, as part of network forensics an organization might monitor and analyze computer traffic for the purpose of intrusion detection and information gathering, or as part of evidence in litigation.
We have a term called capture video, where you capture video and audio for the purpose of forensic analysis.
It is important for the organization to understand how the system records the data.
Record time offsets: during the playback of a system image, media or data, it is important for an organization to understand the time offset when the information was recorded, in other words, the time zone.
Take hashes: hashes of the captured images are typically taken and verified at critical points throughout the analysis to ensure that the evidence is still in its original state.
A screenshot is commonly used in less critical forensic analysis, or in scenarios where capturing the system image, media or data is not available.
Witness interviews: it is important for you to interview all the people involved who might have direct knowledge related to the incident.
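The chain-of-custody log and the hash checks at critical points described above, as an added Python example that is not part of the course (the image bytes, item id and custodian names are constructed):

```python
import hashlib
from dataclasses import dataclass, field
from datetime import datetime, timezone
from typing import Optional

# Constructed sample "system image"; a real one is the sector-level
# duplicate read from the seized media.
SAMPLE_IMAGE = b"\x00" * 512 + b"constructed-sample-image-bytes" + b"\xff" * 512


def image_hash(data: bytes) -> str:
    """SHA-256 of the captured image, taken at acquisition and re-checked later."""
    return hashlib.sha256(data).hexdigest()


@dataclass
class CustodyRecord:
    """Chain-of-custody log: every transfer records who, when, what, and the hash."""
    item_id: str
    acquisition_hash: str
    entries: list = field(default_factory=list)

    def log(self, custodian: str, action: str, data: bytes,
            when: Optional[datetime] = None) -> bool:
        """Record a transfer and re-verify the image against the acquisition hash.
        Returns False when the hash no longer matches: the chain is disrupted
        and the evidence can no longer be relied upon."""
        when = when or datetime.now(timezone.utc)
        current = image_hash(data)
        intact = current == self.acquisition_hash
        self.entries.append({"custodian": custodian, "action": action,
                             "time_utc": when.isoformat(), "sha256": current,
                             "intact": intact})
        return intact

    def chain_intact(self) -> bool:
        """True only if every logged transfer verified the original hash."""
        return all(e["intact"] for e in self.entries)


def build_example_chain() -> CustodyRecord:
    """Walk the life cycle from the lecture: collect, transport, store, analyze."""
    rec = CustodyRecord(item_id="EVID-001", acquisition_hash=image_hash(SAMPLE_IMAGE))
    rec.log("analyst A", "collected and seized image", SAMPLE_IMAGE)
    rec.log("courier B", "transported to lab", SAMPLE_IMAGE)
    rec.log("analyst C", "checked out for analysis", SAMPLE_IMAGE)
    # One altered byte on the way back to storage breaks the chain.
    tampered = SAMPLE_IMAGE[:-1] + b"\x00"
    rec.log("analyst C", "returned to storage", tampered)
    return rec
```

Calling `build_example_chain()` shows three verified transfers followed by one flagged mismatch, which is exactly the disruption the lecture says renders the evidence unusable.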
Here again are some additional topics which encompass 5.5, summarizing the basic concepts of forensics. We'll take a look at the terms preservation and recovery, all the way down to tracking man-hours.
When you look at preservation: after your data is captured, it needs to be preserved as evidence
because, more often than not, it will be a while before that case comes before a jury or judge. So during that period of time, we must ensure that the evidence is protected, in other words, preserved in its original state.
Recovery is the art and science of retrieving information from a computer, cell phone or any electronic media that has been deleted, damaged, hidden or lost.
Strategic intelligence or counterintelligence gathering
is the collection, processing, analysis and dissemination of intelligence information for formulating policies and military plans at the international as well as the national policy level.
When doing what we call counterintelligence gathering, it might be necessary for an organization to maintain an active log of the activities of the opposition or attacker.
It's also important, as an organization, that you track the man-hours and expenses incurred by the incident response team
as well. In other words,
this brings us to our post-assessment quiz, and what you need to determine is whether this statement here is true
or false. It reads as follows: digital forensics is the technique of uncovering and understanding electronic data. Is that true or false?
If you said it's true, you're absolutely correct. This brings us to our key takeaways from this particular video presentation,
and they are as follows.
We learned that chain of custody refers to a forensic principle whereby each movement or transfer of data must be recorded and logged appropriately.
We also learned that it is important to track the man-hours and expenses incurred by the incident response team.
We learned that recovery is the art and science of retrieving information from a computer, cell phone or any electronic media that has been deleted, damaged, hidden or lost.
We also learned that a legal hold is the process that an organization uses to preserve all forms of relevant information when litigation is pending or reasonably anticipated.
Our upcoming video will move on to a brand new learning objective, which is 5.6, where we need to explain disaster recovery and continuity of operations concepts. And again, I look forward to seeing you in the very next video.