Forensic Investigation

Time: 15 hours 43 minutes
Difficulty: Advanced
CEU/CPE: 16
Video Transcription

00:00
>> Now our next section is on the forensic investigation process. We've just talked about incident response, and as I mentioned, it would not be unusual that, as a result of responding to an incident, we determine that perhaps a crime has been committed, or at least that there is the potential of a crime having been committed. Whereas incident response has the primary focus of minimizing the impact on the business, with forensic investigation our focus is now on collecting evidence and making sure that we do so in a manner that is forensically sound, so that it can be introduced into court. Here, when we talk about this idea of forensics, it's all focused on action in a court of law. We'll talk about some of the guidelines and principles, and then we'll look at the seven steps of the forensic investigation process.

Starting out with just some basics of computer forensics, a good definition here: proven methods towards collection, preservation, validation, identification, analysis, interpretation, documentation, and presentation of digital evidence. That pretty much covers it, right? This idea of using proven methods: what we're trying to guarantee, or provide assurance of, is that we have collected this information in a way that's forensically sound, and we want to be able to provide as much assurance as possible that all the work we do on this digital evidence does not modify it. We also want to make sure that we can guarantee the integrity of the digital evidence, as well as its relevance to the particular situation for which we're collecting the evidence.

There are certain international guidelines on forensic evidence collection. Those guidelines apply to digital evidence as well as more traditional evidence. Some of those big guidelines, or some of those big principles, are not altering evidence in any way as a result of anything you do, be it collection or analysis or transporting the evidence to the court of law, at any point in time. We want to make sure that we can prove that while the evidence was in our hands, we've protected it. We also want to make sure that the folks who have access to the data are trained and that no one exceeds their knowledge level when it comes to analysis or examination. We want to make sure that, as the evidence was collected, every step of the way we have documentation to guarantee that the evidence wasn't out of our hands for a time period. An individual is responsible for that digital evidence while the evidence is in their possession. That's why we document it. That documentation often comes to us through a document called the chain of control, so that we can make sure that we have documentation, like I said, for the evidence throughout its life cycle, to make sure that there are no unaccounted-for times.

Now this process of investigation with forensics requires that we identify, preserve, collect, examine, analyze, and present in court so that we get a decision. Let's look at each of these steps along the way in our next process. Just looking at those from a high level now, we're going to move into the next section.