07_-_Computer_Forensic.pdf - UCCN 1213 Chapter 7 Computer Forensic Computer Forensic Background Computer forensics is conducted for three purposes

07_-_Computer_Forensic.pdf - UCCN 1213 Chapter 7 Computer...

This preview shows page 1 - 13 out of 109 pages.

UCCN 1213 Chapter 7 Computer Forensic
Image of page 1
Computer Forensic
Image of page 2
3 Background Computer forensics is conducted for three purposes: Investigating and analyzing computer systems as related to violation of laws. Investigating and analyzing computer systems for compliance with an organization's policies. Investigating computer systems that have been remotely attacked.
Image of page 3
4 Background Incident response is a subset of these activities. If an unauthorized individual remotely attacks a system, laws may be violated. A company employee performing similar acts may or may not violate laws and corporate policies. Computer forensics actions may deal with legal violations and investigations and go to court. Minor procedural missteps have significant legal consequences.
Image of page 4
5 Evidence Evidence consists of documents, verbal statements, and material objects admissible in a court of law. It is critical to convince management, juries, judges, or other authorities that some kind of violation has occurred.
Image of page 5