UCCN 1213 Chapter 7 Computer Forensic
3 Background Computer forensics is conducted for three purposes: Investigating and analyzing computer systems as related to violation of laws. Investigating and analyzing computer systems for compliance with an organization's policies. Investigating computer systems that have been remotely attacked.
4 Background Incident response is a subset of these activities. If an unauthorized individual remotely attacks a system, laws may be violated. A company employee performing similar acts may or may not violate laws and corporate policies. Computer forensics actions may deal with legal violations and investigations and go to court. Minor procedural missteps have significant legal consequences.
5 Evidence Evidence consists of documents, verbal statements, and material objects admissible in a court of law. It is critical to convince management, juries, judges, or other authorities that some kind of violation has occurred.