chnology, and engineering
with law. When discussing computer forensics with others, you might hear the terms
digital forensics, network forensics, electronic data discovery, cyber forensics, and forensic computing. (ISC)² uses computer forensics as a synonym for all of these other
terms, so that’s what you’ll see on the CISSP exam. Computer forensics encompasses all
domains in which evidence is in a digital or electronic form, either in storage or on the
wire. At one time computer forensics was differentiated from network and code analysis, but now this entire area is referred to as digital evidence.
As a forensics discipline, computer forensics is the new kid on the block. This,
paired with its complexity, may be the reason why many companies lack skills in this
area. Computer forensics does not refer to hardware or software. It is a set of specific
processes relating to reconstruction of computer usage, examination of residual data,
authentication of data by technical analysis or explanation of technical features of data,
and computer usage that must be followed in order for evidence to be admissible in
a court of law. This is not something the ordinary network administrator should be
carrying out.
All-in-1 / CISSP All-in-One Exam Guide, 5th Ed. / Harris / 160217-8
The people conducting the forensics investigation must be properly skilled in this
trade and know what to look for. If someone reboots the attacked system or inspects
various files, this could corrupt viable evidence, change timestamps on key files, and
erase footprints the criminal may have left. Most digital evidence has a short lifespan
and must be collected quickly in order of volatility. In other words, the most volatile or
fragile evidence should be collected first. In most situations, it is best to remove the
system from the network, dump the contents of the memory, power down the system,
and make a sound image of the attacked system and perform forensic ana...
This note was uploaded on 06/01/2013 for the course NET 125 taught by Professor Hurst during the Fall '12 term at Wake Tech.