Part 03 - Intro to Forensics

Video Activity

The next three sections explore the fascinating topic of computer and IT forensics. We begin by making the distinction between incident response and forensics. Forensics is concerned with the collection of evidence in preparation of going to court in order to seek prosecution of the bad guys. The overriding concern during this phase is ensuring tha...

Join over 3 million cybersecurity professionals advancing their career
Sign up with
or
View all SSO options

Already have an account? Sign In »

Security Operations
MicroCourse
Time
2 hours 38 minutes
Difficulty
Beginner
CEU/CPE
3
Video Description

The next three sections explore the fascinating topic of computer and IT forensics. We begin by making the distinction between incident response and forensics. Forensics is concerned with the collection of evidence in preparation of going to court in order to seek prosecution of the bad guys. The overriding concern during this phase is ensuring that the gathered evidence is not altered due to the collection and analysis processes! In addition to all personnel involved with evidence collection and analysis being properly trained and qualified, there are five rules of evidence that must be strictly adhered to: 1. Must be authentic 2. Must be accurate 3. Must be complete 4. Must be convincing 5. Must be admissible

Video Transcription
00:04
now very different from incident response. We have computer forensics. So when we talk about incident response, our primary goal is to really contain the damage and correct the systems with forensics. What we're looking to do is collect evidence in such a manner that it would be admissible in court.
00:23
So we're really seeking prosecution
00:26
in forensics. So the same principles that apply to more traditional type crimes and the forensics revolving in that category are gonna apply to computer evidence as well. So what? We have just a few little elements of forensics.
00:44
Ah, So the forensic principles, of course, have to be applied to digital evidence What I just said,
00:49
but the big one evidence should not be altered as a result of the collection or the examination or analysis. So that's one of the things that we have to be very diligent about is making sure that we have a guarantee that the evidence has not been modified. We'll talk about some of the ways we do that.
01:08
Um, if you're gonna work with digital evidence, you must be qualified or under the direction of someone that is,
01:15
we have to make sure that we document document document will talk about chain of custody. And in many instances when evidence is ruled inadmissible somewhere along the line, the chain of custody has broken down.
01:30
All right, So when we talk about digital evidence, we have to think about the evidence being off. Then it we have to be able to guarantee its source of origin and again going back to that idea that it hasn't been modified. It's gotta be accurate. And again we have to be able to guarantee its accuracy.
01:51
Needs to be complete, needs to tell a story, not just part of the story.
01:56
It has to be convincing, and it has to be admissible. So the rules of evidence they all make sense. Authentic, accurate, complete, convincing and admissible.
Up Next
View All
Security Operations

They are responsible for knowing where a network's possible vulnerabilities are and providing mitigation strategies to combat them. An effective Cyber Security Operations Manager will have experience in a technical security role including ...

View Course
Instructed By
Kelly Handerhan
Kelly Handerhan
Senior Instructor
Similar Content
CRISC
CRISC

This course on Certified in Risk and Information Systems Control is for IT and business ...

Cybrary
Course
Advanced
7 CEU/CPE Hours Available
Certificate of Completion Offered
Popular
CompTIA Advanced Security Practitioner (CASP+)
CompTIA Advanced Security Practitioner (CASP+)

This practice exam helps prepare for the CompTIA Advanced Security Practitioner (CASP+) certification exam. The ...

Practice Labs
Practice Test
Intermediate
Cross-Site Scripting
Cross-Site Scripting

This course will cover an introduction to Cross-Site Scripting (XSS)- a popular cybersecurity attack. ...

Cybrary
Course
Intermediate
1 CEU/CPE Hours Available
Certificate of Completion Offered