In this video we examine the seven steps of evidence collection:
- Identification - identify something a evidence from what's left behind such as fingerprints and DNA as well as what was taken.
- Preservation - the chain of custody must be documented and provide a history of how the evidence was handled since digital evidence can be easily manipulated. Hashing is used to verify that data remains unchanged.
- Collection - it's important to limit evidence handling. Document using photos and taking an image of the system. We must always work fast since some data is volatile. It's also important to do things legally and respect the Fourth Amendment.
- Examination - just the facts!
- Analysis - look for meaning in the data in order to find the "what" of the investigation.
- Decision - the final verdict from trial.
ISC2 Certified Cloud Security Professional (CCSP)
This online course will guide you through the contents of the CCSP certification exam. Obtaining your CCSP certification shows that you are a competent, knowledgeable, cloud security specialist who has hands-on experience in the field.