Disclaimer
• Even though this class touches on quite a few legal topics, nothing should be construed as advice or legal instruction.
• Before performing many of the skills learned this week on a computer other than your own, you may need to seek permission (possibly written) and/or seek advice from your own legal counsel.
Forensics
Whereas computer forensics is defined as
"the collection of techniques and tools used to find evidence in a computer",
digital forensics has been defined as
"the use of scientifically derived and proven methods toward the preservation, collection, validation, identification, analysis, interpretation, documentation, and presentation of digital evidence derived from digital sources for the purpose of facilitation or furthering the reconstruction of events found to be criminal, or helping to anticipate unauthorized actions shown to be disruptive to planned operation".
What is Cyberforensics?
• This really depends on the point of view
• Traditionally, cyberforensics involves the
- preservation,
- collection,
- validation,
- identification,
- analysis,
- interpretation,
- documentation and
- presentation
of computer evidence stored on a computer.
• "Forensics is the application of science to the legal process."
- Jim Christy, DCCI
Rapid-Response Cyberforensics
• Characterized by:
- Live-response
- Military-type contexts
• But not of necessity
- Judicious a priori planning
• Prior strategic incident response planning
• Requisite training in
- Basic forensic procedures
- Live-response
- Network forensics
• Continued updating of skills as technology changes
• Technically adept with a diversity of tools & toolkits
Viewpoint
• According to the CFEWG curriculum group there are three perspectives of cyberforensics
- Law enforcement
• FBI/IRS
- Business/Industry
• Cisco
- Military/counterintelligence
• AF OSI/NSA
• Although not mutually...