This preview shows page 68 - 78 out of 85 pages.

Incident documentation

Documentation is needed to provide evidence and for post-incident review.

Some sources of evidence/documentation come from video surveillance systems, electronic security monitoring systems, handwritten journals, service logs, telephone logs, interviews, etc.

Develop an incident timeline. Each event must be supported by the original documents – this is crucial.

C4DLab
Sources of Information

Help desk logs
Network logs
System logs
Administration logs
Physical access logs
Accounting logs
Audit logs
Security logs
Backups
Staff clock logs
Staff
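The two slides above ask for a timeline in which every event is traceable back to the original document it came from. The following Python script is an added example, not code from the C4DLab slides: it merges three constructed log excerpts (a syslog-style authentication log, a help desk ticket export and a badge reader export) into one UTC-ordered timeline, and tags each event with the name of its source document, the line it came from, and a SHA-256 fingerprint of the document as collected, so that any later change to the source can be detected. The log formats, host names, ticket numbers and the UTC+3 site time zone are all assumptions chosen for illustration.

```python
"""Build an incident timeline from several log sources, keeping each event
tied to the original document that supports it.

Added example for the lecture notes above; not code from the C4DLab slides.
The three log excerpts are constructed sample data, and their formats
(syslog-style, help desk CSV, badge reader CSV) are assumptions.
"""
import csv
import hashlib
import io
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone

# --- constructed sample source documents (not real logs) --------------------

SYSTEM_LOG = """\
2024-03-04T09:12:07+03:00 srv-fin01 sshd[2231]: Accepted password for jdoe from 10.0.5.17 port 50122
2024-03-04T09:15:41+03:00 srv-fin01 sudo: jdoe : TTY=pts/0 ; COMMAND=/usr/bin/scp payroll.db
2024-03-04T09:40:02+03:00 srv-fin01 sshd[2231]: Disconnected from 10.0.5.17
"""

HELPDESK_LOG = """\
ticket,opened_utc,reporter,summary
HD-4471,2024-03-04 06:05,finance@example.test,"Payroll share shows files modified overnight"
HD-4472,2024-03-04 06:58,jdoe@example.test,"Cannot log in, password not accepted"
"""

BADGE_LOG = """\
badge_id,event_time_local,door,direction
B-0193,04/03/2024 08:51,Server room,IN
B-0193,04/03/2024 09:44,Server room,OUT
"""

LOCAL_TZ = timezone(timedelta(hours=3))  # assumption: the site runs at UTC+3


@dataclass(frozen=True)
class Event:
    when: datetime          # normalised to UTC so different sources can be merged
    source: str             # which original document supports this event
    source_sha256: str      # fingerprint of that document as it was collected
    line_no: int            # where in the document the event appears
    detail: str


def fingerprint(document: str) -> str:
    """SHA-256 of the document text; recorded on every event derived from it."""
    return hashlib.sha256(document.encode("utf-8")).hexdigest()


def parse_system_log(text: str, name: str) -> list[Event]:
    """Syslog-style lines that start with an ISO-8601 timestamp carrying an offset."""
    digest = fingerprint(text)
    events = []
    for n, line in enumerate(text.splitlines(), start=1):
        stamp, _, rest = line.partition(" ")
        when = datetime.fromisoformat(stamp).astimezone(timezone.utc)
        events.append(Event(when, name, digest, n, rest))
    return events


def parse_helpdesk_log(text: str, name: str) -> list[Event]:
    """CSV export whose timestamps are already in UTC; header is file line 1."""
    digest = fingerprint(text)
    events = []
    for n, row in enumerate(csv.DictReader(io.StringIO(text)), start=2):
        when = datetime.strptime(row["opened_utc"], "%Y-%m-%d %H:%M").replace(tzinfo=timezone.utc)
        events.append(Event(when, name, digest, n,
                            f'{row["ticket"]} {row["reporter"]}: {row["summary"]}'))
    return events


def parse_badge_log(text: str, name: str) -> list[Event]:
    """CSV export with day/month/year local timestamps; converted to UTC here."""
    digest = fingerprint(text)
    events = []
    for n, row in enumerate(csv.DictReader(io.StringIO(text)), start=2):
        local = datetime.strptime(row["event_time_local"], "%d/%m/%Y %H:%M").replace(tzinfo=LOCAL_TZ)
        events.append(Event(local.astimezone(timezone.utc), name, digest, n,
                            f'badge {row["badge_id"]} {row["direction"]} {row["door"]}'))
    return events


def build_timeline() -> list[Event]:
    """Merge all sources into one chronologically ordered timeline."""
    events = (parse_system_log(SYSTEM_LOG, "srv-fin01 auth log")
              + parse_helpdesk_log(HELPDESK_LOG, "help desk export")
              + parse_badge_log(BADGE_LOG, "badge reader export"))
    return sorted(events, key=lambda e: e.when)


def render(timeline: list[Event]) -> str:
    """One line per event, each naming the document, line and hash that supports it."""
    return "\n".join(
        f"{e.when:%Y-%m-%d %H:%M}Z  [{e.source}, line {e.line_no}, sha256 {e.source_sha256[:12]}]  {e.detail}"
        for e in timeline)


if __name__ == "__main__":
    print(render(build_timeline()))
```

Normalising every timestamp to UTC before sorting is what makes the badge reader's local-time entries line up correctly with the server's offset-tagged syslog lines; a timeline assembled from raw strings would place the 08:51 badge entry after the 06:05 help desk ticket even though it happened earlier. Keeping the source name, line number and document hash on each event is the machine-readable form of "each event must be supported by the original documents".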
Computer forensics investigations
Computer forensics investigations

Electronic record: any data that is recorded or preserved on any medium in or by a computer system or other similar device, that can be read or perceived by a person or a computer system or other similar device. It includes a display, printout or other output of that data.

Computer forensics: the scientific examination and analysis of data held on, or retrieved from, computer storage media in such a way that the information can be used as evidence in a court of law.

Anti-forensics is the process of cybercriminals getting into a targeted environment and hacking the forensics tools themselves.
Computer forensics investigations & Incident handling

Handling data under investigation:
For hand held devices, mobile phones
For computers, servers and laptops
Any other computing devices
Computer forensics investigations: Some history

Early in the 1970s students discovered how to gain unauthorized access to large timeshared computer systems.

1978: the Florida Computer Crime Act was the 1st law to help deal with computer fraud and intrusion. Employees at a dog track used a computer to print fraudulent winning tickets. The act also defined all unauthorized access as a crime.

1984: the US Federal Computer Fraud and Abuse Act was passed. (Morris Worm, 1988)
Properties of digital evidence

Digital evidence is any data stored or transmitted using a computer that supports or refutes a theory of how an offense occurred or that addresses critical elements of the offense such as intent or alibi. (Casey, Eoghan. Digital Evidence and Computer Crime, p. 12)

Extremely fragile, similar to a fingerprint.
Properties of digital evidence

"Latent": it cannot be seen in its natural state, much like DNA.
Any actions that can alter, damage or destroy digital evidence will be scrutinized by the courts.
Is often constantly changing and can be very time sensitive.
Can transcend borders with ease and speed.
Recognizing Potential Evidence

There are many ways:

1. Contraband or fruits of a crime
   Stolen computer equipment
   Stolen software

2. A tool of the offense
   Theft committed using a computer
   Fraud committed using a computer
   E-mail sent from a computer
   Sex offense committed after being arranged on a computer
   Fraudulent money or IDs made with a computer
Recognizing Potential Evidence (cont.)

3. Only incidental to the offense