Did you know Cybrary has FREE video training? Join more than 2,500,000 IT and cyber security professionals, students, career changers, and more, growing their careers on Cybrary.
Certain incidents rise to the level of being considered crimes and as such, warrant an investigation. The field of investigating and prosecuting technology crimes is called Computer Forensics. Forensics differs from incident response in that the goal is to collect evidence that can be admissible in a court law in order to seek prosecution of perpetrators. The are several elements that comprise forensic principles:
Evidence must not be altered as a result of collection or analysis.
Personnel involved in evidence collection and analysis must be qualified.
The chain of custody for evidence must be documented.
Evidence must be authentic, accurate, and complete. In short, it must tell the whole story in order to be convincing and admissible.