5.6 Computer Forensics
Computer forensics involves the application of investigation and analysis techniques that comply with a legal system. The U.S. Department of Justice, working in conjunction with a number of groups including the Technical Working Group for Electronic Crime Scene Investigation, has created a 93-page PDF that appears to be accepted internationally [448]. A large percentage of the PDF is resources, which are handy. The guidance on what to do in the first moments of responding, without destroying evidence, will not take you a great deal of time to read.
The cyber crime scene is no different from a physical crime scene in the sense that, from a legal standpoint, the protection of evidence is critical [449]. In fact, evidence figures prominently in the three As of computer forensics, which are:
Data analysis tools include the open source offering The Coroner's Toolkit (TCT), available from: http://www.fish.com/tct/FAQ.html.
As with many computing topics, once you get started with descriptive models, you can run into a nearly endless variety of them. To illustrate this point, the International Association of Computer Investigative Specialists (IACIS), a computer forensics group made up entirely of law enforcement professionals (who have a great domain name [450]), puts it a bit differently, with the following essential requirements for a computer forensic examination.
448. http://www.iwar.org.uk/ecoespionage/resources/cybercrime/ecrime-scene-investigation.pdf - Electronic Crime Scene Investigation: A Guide for First Responders
449. Kruse, Warren G. and Jay G. Heiser, Computer Forensics Incident Response Essentials, Addison-Wesley, September, 2001, http://www.nerdbooks.com/item.html?id=0201707195
450. http://www.cops.org (Yes, this truly is the web site of IACIS!)
CertiGuide for Security+ (http://www.CertiGuide.com/secplus/) on CertiGuide.com
Version 1.0 - Version Date: November 15, 2004
Adapted with permission from a work created by Tcat Houser et al.
CertiGuide.com Version © Copyright 2004 Charles M. Kozierok. All Rights Reserved.