Time: 12 hours 41 minutes
Difficulty: Advanced
CEU/CPE: 13

Video Description

The next three sections explore the fascinating topic of computer and IT forensics. We begin by making the distinction between incident response and forensics. Forensics is concerned with the collection of evidence in preparation for going to court in order to seek prosecution of the bad guys. The overriding concern during this phase is ensuring that the gathered evidence is not altered by the collection and analysis processes! In addition to all personnel involved with evidence collection and analysis being properly trained and qualified, there are five rules of evidence that must be strictly adhered to:

1. Must be authentic
2. Must be accurate
3. Must be complete
4. Must be convincing
5. Must be admissible

Video Transcription

00:04
Now, very different from incident response, we have computer forensics. So when we talk about incident response, our primary goal is to really contain the damage and correct the systems. With forensics, what we're looking to do is collect evidence in such a manner that it would be admissible in court.
00:23
So we're really seeking prosecution
00:26
in forensics. So the same principles that apply to more traditional type crimes and the forensics revolving in that category are gonna apply to computer evidence as well. So what we have: just a few little elements of forensics.
00:44
Ah, so the forensic principles, of course, have to be applied to digital evidence, what I just said,
00:49
but the big one: evidence should not be altered as a result of the collection or the examination or analysis. So that's one of the things that we have to be very diligent about, making sure that we have a guarantee that the evidence has not been modified. We'll talk about some of the ways we do that.
01:08
Um, if you're gonna work with digital evidence, you must be qualified or under the direction of someone that is.
01:15
We have to make sure that we document, document, document. We'll talk about chain of custody. And in many instances when evidence is ruled inadmissible, somewhere along the line the chain of custody has broken down.
01:30
All right, so when we talk about digital evidence, we have to think about the evidence being authentic. We have to be able to guarantee its source of origin, and again going back to that idea that it hasn't been modified. It's gotta be accurate. And again, we have to be able to guarantee its accuracy.
01:51
Needs to be complete, needs to tell a story, not just part of the story.
01:56
It has to be convincing, and it has to be admissible. So the rules of evidence, they all make sense: authentic, accurate, complete, convincing and admissible.

Instructed By

Kelly Handerhan
Senior Instructor