Time
7 hours 33 minutes
Difficulty
Advanced
CEU/CPE
8

Video Transcription

00:01
Greetings, and welcome back to Cybrary's CompTIA Advanced Security Practitioner certification preparation course.
00:11
We're continuing our discussion of Module 11, which is titled Incident Response.
00:16
Here are the objectives encompassed by Module 11. Let's now turn our attention to our discussion of Section 3: Understand and support forensic investigations.
00:29
Before we get going with this particular presentation, it's most appropriate if we begin with this pre-assessment question, and the question is as follows.
00:38
Which of the following helps to prove that collected evidence has been controlled since it was collected? Is it A,
00:46
chain of custody;
00:47
B,
00:48
confit application;
00:50
C, a decaf application; or audit logs?
00:55
If you said A, you're absolutely correct. It's called a chain of custody.
01:00
Let's begin by first taking a look at an overview in terms of digital forensics.
01:04
When you look at digital forensics, in fact, it's the process of uncovering and interpreting electronic data. The goal of the process is to preserve any evidence in its most original form while performing a structured investigation by collecting, identifying and validating the digital information for the purpose of reconstructing
01:23
past events,
01:27
A forensic investigation involves gathering and analyzing all crime-related physical evidence in order to come to a conclusion about a suspect.
01:37
Investigators will look at blood; they could look at fluids, fingerprints, residue, hard drives, computers or other technology to establish how a crime took place.
01:49
This brings us to forensic principles. Now, when you look at digital forensics, basically it deals specifically with the principle that holds that any perpetrator of an intrusion leaves behind trace evidence within the system.
02:04
This trace evidence may be used to identify
02:07
the attacker
02:10
In terms of guidelines for a forensic investigation:
02:14
First of all, you would identify the evidence. In other words, the first responders, the individuals, must begin documenting everything that they find at the incident scene. That should happen during an investigation: they must record the facts as they present themselves, such as the location, devices, witness statements, obvious evidence and suspected evidence,
02:32
evidence owners, as well as the nature of the incident.
02:37
Then we come to collecting or acquiring the evidence.
02:39
You must adhere to proper
02:43
evidence collection and documentation techniques while minimizing incident scene contamination, which obviously is very important.
02:51
Then we come to examining and analyzing the evidence. The evidence is investigated and analyzed using sound scientific tests and methods which are accepted both in the forensic community as well as in a court of law.
03:04
Fourth is presentation of evidence and findings. Forensic examiners must present their evidence, findings and professional opinion in documentation such as court presentations and legal briefs.
03:15
Quite often, forensic investigators are required to testify as expert witnesses.
03:23
Evidence collection and preservation.
03:25
In other words, when you think about collecting in terms of evidence, that means to identify; you must label, you must record and acquire data from the possible sources of relevant data while following guidelines and procedures that preserve it.
03:39
What we want to do, in fact, is preserve the overall integrity of the data.
03:44
Preservation, in other words, would prevent the prosecutor's evidence from being
03:49
destroyed, or any type of alteration of the evidence. When investigation or litigation is either in process or might come to pass in the future, we'll make sure we preserve that evidence
04:00
in the state that it was in at the time of the particular investigation.
04:05
Then there is the evidence lifecycle. Here's the process. First of all, you collect or seize the evidence,
04:11
then you transport the evidence. Now, during the transportation of evidence, we must ensure that at no point in time is the chain of custody broken. We must also make sure we protect and store the evidence, and then sequentially analyze the evidence.
04:25
Now for the digital forensic techniques; there are some techniques that you need to be aware of. First of all, let's take a look at the term called bit-stream image.
04:32
When you think about making a bit-stream image of a disk, it's a clone copy of it.
04:36
It encompasses virtually everything on a drive, including its sectors and clusters, which makes it possible to retrieve files after they've been deleted from the drive.
04:46
Then we have monitoring of the logs. This would help us identify security events that occurred or might occur.
04:51
Data recovery is the process of salvaging or retrieving inaccessible, lost, corrupted, damaged or formatted data from secondary storage, removable media or files when the data stored in them cannot be accessed in the normal way, so we want to have a method by which we can uncover that information.
05:10
Then we have the file header. Investigating the file header: it is the first part of the file structure, which contains coded information that the computer reads when it first opens the file,
05:20
whereas the file extension is the last few characters that appear to the right of the period in the file name. The file header would be more reliable, because they can change the file extension of a file by simply saving it with a different file extension. So we want to investigate the file header as well.
05:41
And on the next slide we have a list of some different types of what we call disk forensic tools that are available out there.
05:46
Here in this chart there's the name;
05:49
I list the platform,
05:51
the license, as well as a brief description. Let's take a look at one of these here.
05:56
First of all, I'll take a look at FTK.
05:59
FTK works on a Windows platform;
06:01
the license is proprietary.
06:03
It is a multi-purpose tool.
06:06
FTK, or Forensic Toolkit, is a court-cited digital investigation platform, built for speed and stability as well as ease of use.
06:15
Another thing that's very important, particularly when you're involved in an investigation, is a term called chain of custody.
06:24
A chain of custody refers to a forensic principle whereby each movement or transfer of the evidence must be recorded and logged appropriately. At no time must the chain be broken; if it is,
06:34
what happens? The evidence is of no use. Everything should be appropriately identified, including the circumstances under which it was collected,
06:43
who collected it, a detailed description, and other important information. In most cases, evidence is packed in what we call poly bags for transport to the forensic laboratory or the storage location.
06:56
Now we go into the process of actually analyzing the assessment results.
07:00
When a forensic examiner is performing the examination of evidence, they will allow the characteristics of the evidence to lead to various suppositions and potential conclusions.
07:10
This is an interpretation process that the forensic examiner uses to determine the importance or the significance of various pieces of the evidence information.
07:19
This brings us now to our post-assessment question for this particular section,
07:25
and the question is as follows:
07:27
which one of the following is most likely to be performed during a feedback loop
07:30
in an incident handling process? Is it A, performing a lessons-learned review; B, escalation;
07:38
C, hashing;
07:39
or D, chain of custody?
07:44
The correct response is A: you would perform what we call a lessons-learned review.
07:48
Now, during this particular presentation, we specifically discussed understanding and supporting a forensic investigation.
07:58
In our upcoming presentation, we'll be moving on to Section 4, which is titled Understand and Support Business Continuity Planning, or BCP, and Disaster Recovery Planning.
08:09
I look forward to seeing you in future training presentations.

Up Next

CompTIA CASP+

In this course, you will learn all of the domains and concepts associated with the CompTIA Advanced Security Practitioner CAS-003 CASP+ Exam. Through this course you will be fully prepared to sit for your CompTIA CASP+ Exam.

Instructed By

Jim Hollis
Independent Contractor
Instructor