Evidence Identification

Time: 1 hour 49 minutes
Difficulty: Intermediate
CEU/CPE: 2

Video Transcription
00:00
Module 2.1 is the start of our process from collections to testimony.
00:06
In order to truly be able to get to the point where you can testify about your findings, you have to first identify the evidence to be reviewed.
00:16
You can't conduct analysis on thin air. You have to have
00:21
some piece of evidence in order to
00:24
do your analysis.
00:27
In this video, we're gonna talk about the process for identification and scoping of evidence collections.
00:35
Before we do that, however, we're going to talk about the definition of digital forensics.
00:40
Digital forensics is the application of science to the identification, collection, examination and analysis of data while preserving the integrity of the information and maintaining a strict chain of custody for the data.
00:57
It's really important to pay attention to the highlighted words: identification, collection, examination, analysis, integrity and chain of custody. These are all concepts, stages
01:07
or concepts that will be very vital to our discussions as we move forward.
01:15
During evidence identification, this is where you're going to define the scope of collections. You're gonna work with legal counsel to determine what data needs to be collected, from whom,
01:26
how long you're gonna have to collect it,
01:30
where you're going to collect it
01:30
and what you're ultimately looking for, what the ultimate
01:36
story is
01:38
for what happened with that evidence.
01:42
There's an idea or concept that you want to cast a wide net,
01:47
but not over-collect.
01:49
If you're dealing with a matter that involves text messages, for example, you may not need to collect the laptop for the individual. You may only need to collect the mobile phone,
02:00
but
02:01
if the collection is
02:04
and the matter is related to
02:07
emails, you may want to cast a wide net. Collect both the cell phone and the computer.
02:15
But you're not gonna also collect the cell phone and computer for three other people who are totally unrelated to the matter just because they work in the same business.
02:24
It's during this step that your documentation is going to start. You're gonna document, document, document.
02:30
You're going to start building your case of defensibility,
02:35
your case of repeatability.
02:37
You're going to start showing why decisions were made, how decisions were made and what the ultimate outcome of things
02:44
and conversations that you've had were.
02:47
It's important, though,
02:51
that you ensure you have the legal authority to collect whatever evidence you're going to collect,
02:55
either through court order, subpoena,
03:00
warrant,
03:01
or even just the authority given to you by an organization. Because as the owner of the devices
03:09
In this summary, in this video,
03:14
we talked about the process for identification and scoping of evidence collections.
DFIR Investigations and Witness Testimony

This course discusses the role of the expert witness, the process an expert should follow from collection of digital data to reporting, the act of testifying in court, the rules that govern experts and the do’s and don’ts of good testimony.
