Did you know Cybrary has FREE video training? Join more than 2,500,000 IT and cyber security professionals, students, career changers, and more, growing their careers on Cybrary.
The next three sections explore the fascinating topic of computer and IT forensics. We begin by making the distinction between incident response and forensics. Forensics is concerned with the collection of evidence in preparation of going to court in order to seek prosecution of the bad guys. The overriding concern during this phase is ensuring that the gathered evidence is not altered due to the collection and analysis processes! In addition to all personnel involved with evidence collection and analysis being properly trained and qualified, there are five rules of evidence that must be strictly adhered to: 1. Must be authentic 2. Must be accurate 3. Must be complete 4. Must be convincing 5. Must be admissible