CertiGuide to Security+ - Chapter 5: Operational/Organizational Security (Domain 5.0; 15%)


5.6  Computer Forensics
(Page 1 of 2)

Computer forensics involves the application of investigation and analysis techniques that comply with a legal system. The U.S. Department of Justice, working in conjunction with a number of groups including the Technical Working Group for Electronic Crime Scene Investigation, has created a 93-page PDF that appears to be accepted internationally [448]. A large percentage of the PDF is resources, which are handy. It will not take you a great deal of time to read what to do in the first moments of responding without destroying evidence.

Computer Forensics = Deep Specialty

This particular sub-topic has been one that piqued my (Tcat's) curiosity. Enough so that I made the trek to a conference to hear what the top college computer science departments and experts from around the world had to say. The bottom line is that it is a challenging career. For more overall data, or if you are in law enforcement, consider Scene of the Cybercrime by Debra Shinder a must-read: www.sceneofthecybercrime.com


The cybercrime scene is no different from a physical crime scene in the sense that, from a legal standpoint, the protection of evidence is critical [449]. In fact, evidence figures prominently in the "three A's" of computer forensics, which are:

  • Acquire the evidence without altering or damaging the original data (covered in section 5.6.1).

  • Authenticate that your recorded evidence is the same as the original seized data (covered in section 5.6.2).

  • Analyze the data without modifying the recovered data (covered in section 5.6.3).

Data analysis tools include the open source offering The Coroner's Toolkit (TCT), available from: http://www.fish.com/tct/FAQ.html.

As with many computing topics, once you get started with descriptive models, you can run into a nearly endless variety of them. To illustrate this point, the International Association of Computer Investigative Specialists (IACIS), a computer forensics group made up entirely of law enforcement professionals (who have a great domain name [450]), puts it a bit differently, with the following essential requirements for a computer forensic examination.

  • Forensically sterile examination media must be used (“Acquire”, above).

  • The examination must maintain the integrity of the original media (“Authenticate” and “Analyze”).

  • Printouts, copies of data and other exhibits must be properly marked, controlled and transmitted (an addition).
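The two lists above describe the same discipline from two angles: the "three A's" (acquire, authenticate, analyze) and the IACIS requirements (sterile media, integrity of the original, properly marked exhibits). The following Python program is an added example written for this page, not code from the CertiGuide text or from any forensic tool it names. It models a seized device as a constructed byte string, acquires a sector-by-sector image without ever writing to the source, authenticates the image by comparing SHA-256 hashes, analyzes an immutable working copy, records a labelled exhibit entry, and re-hashes the source afterwards to prove it was not altered. The exhibit label and examiner name are placeholders; it also shows why hashing matters by demonstrating that a single flipped bit in a copy fails authentication.

```python
"""Toy model of a forensic examination: acquire, authenticate, analyze,
and mark the exhibit.  Added example for this page; the 'device' below
is a constructed byte string, not a real disk."""
import hashlib
import io
from datetime import datetime, timezone

SECTOR = 512

# Constructed stand-in for a seized device: three fake sectors, each padded
# with NUL bytes to a full sector length.
EVIDENCE_DEVICE = (
    b"MBR-ish header".ljust(SECTOR, b"\x00")
    + b"notes.txt: meet at 0900".ljust(SECTOR, b"\x00")
    + b"deleted\x00fragment of an email".ljust(SECTOR, b"\x00")
)


def sha256(data: bytes) -> str:
    """Hex SHA-256 digest; the fingerprint used to authenticate evidence."""
    return hashlib.sha256(data).hexdigest()


def acquire(device: io.BufferedIOBase, chunk: int = SECTOR) -> bytes:
    """Acquire: read the source sector by sector into an image.  The source
    is only ever read, never written, so the original data is not altered."""
    image = bytearray()
    while True:
        block = device.read(chunk)
        if not block:
            return bytes(image)
        image.extend(block)


def authenticate(original: bytes, image: bytes) -> bool:
    """Authenticate: the image is usable as evidence only if its hash
    matches the hash of the seized original."""
    return sha256(original) == sha256(image)


def analyze(image: bytes, keyword: bytes) -> list:
    """Analyze: keyword search over the working copy.  The copy is an
    immutable bytes object, so analysis cannot modify the recovered data."""
    hits, start = [], 0
    while (idx := image.find(keyword, start)) != -1:
        hits.append({"offset": idx, "sector": idx // SECTOR})
        start = idx + 1
    return hits


def exhibit_record(label: str, image: bytes, examiner: str) -> dict:
    """Mark the exhibit (the IACIS 'properly marked' requirement): label,
    hash and acquisition timestamp travel with the copy."""
    return {
        "exhibit": label,
        "sha256": sha256(image),
        "examiner": examiner,
        "acquired_utc": datetime.now(timezone.utc).isoformat(),
    }


def run_examination(device_bytes: bytes = EVIDENCE_DEVICE) -> dict:
    """Full cycle: hash the source, acquire, authenticate, record, analyze,
    then re-hash the source to prove it is unchanged after analysis."""
    original_hash = sha256(device_bytes)
    image = acquire(io.BytesIO(device_bytes))
    if not authenticate(device_bytes, image):
        raise RuntimeError("image does not match source; acquisition failed")
    # Placeholder label and examiner name (not real case identifiers).
    record = exhibit_record("EX-001 (placeholder)", image, "examiner (placeholder)")
    hits = analyze(image, b"email")
    source_unchanged = sha256(device_bytes) == original_hash
    return {"record": record, "hits": hits, "source_unchanged": source_unchanged}


def authentication_catches_tampering(device_bytes: bytes = EVIDENCE_DEVICE) -> bool:
    """Flip one bit in a copy of the image: authentication must now fail."""
    image = bytearray(acquire(io.BytesIO(device_bytes)))
    image[SECTOR + 5] ^= 0x01
    return not authenticate(device_bytes, bytes(image))


if __name__ == "__main__":
    result = run_examination()
    print("exhibit:", result["record"])
    print("hits:", result["hits"])
    print("source unchanged after analysis:", result["source_unchanged"])
    print("tampered copy rejected:", authentication_catches_tampering())
```

The important design point is that the source is opened only for reading and the working copy handed to analysis is immutable; in practice the same guarantee comes from a hardware write blocker on the original and from hashing both the original and the image at acquisition time and again at the end of the examination.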

__________________

448. Electronic Crime Scene Investigation: A Guide for First Responders, http://www.iwar.org.uk/ecoespionage/resources/cybercrime/ecrime-scene-investigation.pdf

449. Kruse, Warren G. and Jay G. Heiser, Computer Forensics: Incident Response Essentials, Addison-Wesley, September 2001, http://www.nerdbooks.com/item.html?id=0201707195

450. http://www.cops.org (Yes, this truly is the web site of IACIS!)


CertiGuide for Security+ (http://www.CertiGuide.com/secplus/) on CertiGuide.com
Version 1.0 - Version Date: November 15, 2004

Adapted with permission from a work created by Tcat Houser et al.
CertiGuide.com Version Copyright 2004 Charles M. Kozierok. All Rights Reserved.
Not responsible for any loss resulting from the use of this site.