CS6963 WK11

CS6963-WEEK 11

Digital forensics tools generally provide three main capabilities:

Acquisition/collection/preservation: Make a sector-by-sector copy of the hard drive and run checks against those images to verify it's an exact copy of the original.

Search/analysis: Identify, analyze and keyword-search all relevant data, including deleted, encrypted, hidden, protected and temporary files, as well as virtual memory, application settings, printer spools, etc. Some packages can also detect which Web ports are open and which processes are running.

Reporting: Create a detailed report, including a full audit log. This can help address compliance with Sarbanes-Oxley and other regulations.

Digital Forensics Dos and Don'ts

DON'T confuse e-discovery with forensics. Some vendors of forensics suites are marketing their tools for e-discovery because, in fact, the steps involved with forensics work are actually subsets of the e-discovery process, as defined by the Electronic Discovery Reference Model. The EDRM defines forensics as: encompassing identification, preservation and collection, the three steps of its overall model, which also includes information management, review, analysis, production and presentation.

http://www.csoonline.com/article/374763/Rules_of_Evidence_Digital_Forensics_Tools

Rules of Evidence - Digital Forensics Tools

Searching for clues? Here's how to investigate and use digital forensics and e-discovery tools

By Mary Brandel
June 04, 2008

Digital forensics tools are intended to help security staff, law enforcement and legal investigators identify, collect, preserve and examine data on computer hard drives related to inappropriate and illegal activity, such as cybercrime, e-mail and Internet abuse, fraud, financial mismanagement, unauthorized disclosure of corporate information, intellectual property theft, and so on. Increasingly, these tools are also being applied to e-discovery efforts related to civil litigation and regulatory compliance.

Forensics tools are often confused with other classifications of tools, such as incident management, e-discovery and data recovery. [For a quick look at the major forensic software providers, see The Usual Suspects.] But while they can be used for those purposes, the difference is that they abide by formal evidence processing protocols such as maintaining a chain of custody and avoiding the alteration or compromise of evidence, enabling any findings to be successfully used in a court of law.

In short, while you can apply forensics tools to nonforensics work, it can be risky to use nonforensics tools. "If the evidence you've collected is not defensible in court, you've severely limited its later applicability," says Jay Heiser, research VP and analyst at Gartner....
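The acquisition and reporting capabilities listed at the top of these notes (sector-by-sector copy, verification against the original, audit log) can be shown in a few lines; this is an added example, not part of the notes, the quoted article or any vendor's tool. It assumes 512-byte sectors, SHA-256, in-memory streams standing in for the drive and the image file, and illustrative audit-log field names.

```python
import hashlib
import io
from datetime import datetime, timezone

SECTOR = 512  # assumed sector size in bytes

def acquire(src, dst, sector=SECTOR):
    """Copy src to dst one sector at a time; return (source sha256, per-sector digests)."""
    whole, per_sector = hashlib.sha256(), []
    while block := src.read(sector):
        whole.update(block)
        per_sector.append(hashlib.sha256(block).hexdigest())
        dst.write(block)  # every sector is copied, including unallocated space
    return whole.hexdigest(), per_sector

def verify(image, source_hash, per_sector, sector=SECTOR):
    """Re-read the image; return (matches, zero-based index of first bad sector or None)."""
    whole, first_bad, i = hashlib.sha256(), None, 0
    image.seek(0)
    while block := image.read(sector):
        whole.update(block)
        expected = per_sector[i] if i < len(per_sector) else None
        if first_bad is None and hashlib.sha256(block).hexdigest() != expected:
            first_bad = i
        i += 1
    if first_bad is None and i != len(per_sector):
        first_bad = i  # image ends before the source did
    return whole.hexdigest() == source_hash, first_bad

def audit_entry(action, examiner, **details):
    """Build one audit-log record (field names are illustrative assumptions)."""
    return {"utc": datetime.now(timezone.utc).isoformat(),
            "action": action, "examiner": examiner, **details}

def demo():
    # Constructed sample "disk": 4 sectors, the last holding remnants of a deleted file.
    disk = b"\x00" * 1024 + b"live data".ljust(512, b"\x00") + b"deleted memo".ljust(512, b"\xe5")
    image, log = io.BytesIO(), []
    src_hash, sectors = acquire(io.BytesIO(disk), image)
    log.append(audit_entry("acquire", "examiner-1", sha256=src_hash, sectors=len(sectors)))
    ok, bad = verify(image, src_hash, sectors)
    log.append(audit_entry("verify", "examiner-1", match=ok, first_bad_sector=bad))
    # Simulate a later change to a working copy: one byte altered in sector 2 (zero-based).
    tampered = bytearray(image.getvalue())
    tampered[1024] ^= 0xFF
    ok2, bad2 = verify(io.BytesIO(bytes(tampered)), src_hash, sectors)
    log.append(audit_entry("verify", "examiner-1", match=ok2, first_bad_sector=bad2))
    return log
```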