Computer Forensics
Investigations Triad
- Vulnerability/Threat Assessment and Risk Management
- Network Intrusion/Detection and Incident Response
- Digital Investigations
bit-stream copy
A bit-by-bit duplicate of data on the original storage medium. This process is usually called "acquiring an image" or "making an image."
Digital Evidence Specialist (DES)
An expert who analyzes digital evidence and determines whether additional specialists are needed.
authorized requester
In a private-sector environment, the person who has the right to request an investigation, such as the chief security officer or chief intelligence officer.
public-sector investigations
Involve government agencies responsible for criminal investigations and prosecution.
private-sector investigations
Involve private companies and lawyers who address company policy violations and litigation disputes.
Digital Evidence First Responder (DEFR)
A professional who secures digital evidence at the scene and ensures its viability while transporting it to the lab.
Digital Forensics
Applying investigative procedures for a legal purpose; involves the analysis of digital evidence as well as obtaining search warrants, maintaining a chain of custody, validating with mathematical hash functions, using validated tools, ensuring repeatability, reporting, and presenting evidence as an expert witness.
Network Intrusion/Detection and Incident Response
Detecting attacks from intruders by using automated tools; also includes the manual process of monitoring network firewall logs.
Bit-stream image
The file where the bit-stream copy is stored; usually referred to as an "image," "image save," or "image file."
Digital Investigations
The process of conducting forensic analysis of systems suspected of containing evidence related to an incident or a crime.
Vulnerability/Threat Assessment and Risk Management
Determines the weakest points in a system. It covers physical security and the security of OSs and applications.
