System Forensics, Investigation, and Response
Chapter 1
Introduction to Forensics
© 2015 Jones and Bartlett Learning, LLC, an Ascend Learning Company
www.jblearning.com
All rights reserved.
Learning Objectives
Summarize the basic principles of computer forensics.
Summarize important laws regarding computer forensics.
Key Concepts
The chain of custody
Hardware and networking knowledge used in forensics
Laws related to computer forensics
Computer Forensics
A subset of forensics
• Forensics: Using science to process evidence for the purpose of establishing the facts in a case
Focuses on extracting data from electronic devices
Objective is to recover, analyze, and present electronic data to be used as evidence
The Seven Domains of a Typical IT Infrastructure
© Jones & Bartlett Learning
Process in Computer Forensics
Collecting
Analyzing
Presenting
Collecting
Maintain the chain of custody from point of seizure to the moment it is shown in court by recording where it was, how it was stored, and who had access to it.
Don’t touch the suspect...
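Added example (not from the original slides): one way to keep the chain-of-custody record described above, with one entry per hand-off noting where the item was, how it was stored, and who had access. Hash-chaining the entries and hashing the evidence are assumptions of this sketch, and the names, times, and locations are constructed sample values.

```python
import hashlib
import json

GENESIS = "0" * 64  # placeholder "previous hash" for the first entry


def _digest(fields):
    """SHA-256 over a canonical JSON encoding of an entry's fields."""
    return hashlib.sha256(json.dumps(fields, sort_keys=True).encode()).hexdigest()


def add_entry(log, when, location, storage, handler, evidence):
    """Append a custody record: where the item was, how stored, who had it."""
    fields = {
        "when": when,
        "location": location,
        "storage": storage,
        "handler": handler,
        "evidence_sha256": hashlib.sha256(evidence).hexdigest(),
        "prev": log[-1]["entry_hash"] if log else GENESIS,
    }
    log.append({**fields, "entry_hash": _digest(fields)})
    return log


def verify(log, evidence):
    """Return a list of problems; an empty list means the record is intact."""
    problems = []
    prev = GENESIS
    current = hashlib.sha256(evidence).hexdigest()
    for i, entry in enumerate(log):
        fields = {k: v for k, v in entry.items() if k != "entry_hash"}
        if entry["prev"] != prev or _digest(fields) != entry["entry_hash"]:
            problems.append(f"entry {i}: record altered or out of sequence")
        if entry["evidence_sha256"] != current:
            problems.append(f"entry {i}: evidence hash mismatch")
        prev = entry["entry_hash"]
    return problems


def build_sample_log(image):
    """Constructed sample: seizure, storage, and hand-off to an analyst."""
    log = []
    add_entry(log, "2015-03-02T09:15Z", "Suspect office", "Anti-static bag, sealed", "Officer A", image)
    add_entry(log, "2015-03-02T11:40Z", "Evidence locker 4", "Locked cabinet", "Custodian B", image)
    add_entry(log, "2015-03-03T08:05Z", "Forensics lab", "Write-blocked workstation", "Analyst C", image)
    return log
```

An edited or deleted entry breaks the link to the entry before it, and a changed evidence hash shows that the item itself no longer matches what was seized.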