obtaining and analyzing digital information for use as evidence in civil, criminal, or administrative cases
Computer Forensics v. Data Recovery
Data recovery involves locating and restoring data that was deleted due to a power surge or a similar event; you know what to look for. Forensics deals with recovering data that was intentionally deleted or hidden, with the goal of using it as evidence (inculpatory or exculpatory).
Disaster Recovery (def)
computer forensic techniques used to retrieve information clients have lost. Involves preventing data loss by using backups, uninterruptible power supply devices, or off-site monitoring.
Computer Investigations Triad
Vulnerability assessment and risk management
Network intrusion detection and incident response
Enterprise Network Environment
large corporate computing systems that might include disparate or formerly independent systems
Vulnerability assessment and Risk Management Group
test and verify the integrity of standalone workstations and servers. Requires skills in network intrusion detection and incident response.
Network Intrusion Detection and Incident Response
detects intruder attacks by using automated tools and monitoring network firewall logs manually. They track, locate, identify, and deny intrusion methods.
Computer Investigations Group
manages investigations and conducts forensic analysis of systems suspected of containing evidence related to a crime or incident
List two categories of computer investigations and forensics
public investigations and private/corporate
Line of Authority
Company policy that states who has the legal right to initiate an investigation and take possession of evidence
appears on a computer screen when the computer starts or connects to the company intranet/network/VPN and informs end users that the organization reserves the right to inspect computer systems and network traffic at will.
a person authorized by the company to conduct investigations, e.g. corporate security investigations, ethics office, EEOC, auditing, general counsel/legal department