Video Description

In this video we examine the seven steps of evidence collection:

  • Identification - identify something a evidence from what's left behind such as fingerprints and DNA as well as what was taken.
  • Preservation - the chain of custody must be documented and provide a history of how the evidence was handled since digital evidence can be easily manipulated. Hashing is used to verify that data remains unchanged.
  • Collection - it's important to limit evidence handling. Document using photos and taking an image of the system. We must always work fast since some data is volatile. It's also important to do things legally and respect the Fourth Amendment.
  • Examination - just the facts!
  • Analysis - look for meaning in the data in order to find the "what" of the investigation.
  • Decision - the final verdict from trial.

Course Modules

ISC2 Certified Cloud Security Professional (CCSP)