Computer Forensics

  1. Computer Forensics (def)
    obtaining and analyzing digital information for use as evidence in civil, criminal, or administrative cases
  2. Computer Forensics v. Data Recovery
    Data recovery involves locating and restoring data that was deleted due to a power surge, etc.; you know what to look for. Forensics deals with recovering data that was intentionally deleted or hidden, with the goal of using it as evidence (inculpatory or exculpatory).
  3. Disaster Recovery (def)
    computer forensic techniques used to retrieve information clients have lost; involves preventing data loss by using backups, uninterruptible power supply devices, or off-site monitoring.
  4. Computer Investigations Triad
    Vulnerability assessment and risk management

    Network intrusion detection and incident response

    Computer investigations
  5. Enterprise Network Environment
    large corporate computing systems that might include disparate or formerly independent systems
  6. Vulnerability assessment and Risk Management Group
    tests and verifies the integrity of standalone workstations and servers. Requires skills in network intrusion detection and incident response.
  7. Network Intrusion Detection and Incident Response
    detects intruder attacks by using automated tools and monitoring network firewall logs manually. They track, locate, identify, and deny intrusion methods.
  8. Computer Investigations Group
    manages investigations and conducts forensic analysis of systems suspected of containing evidence related to a crime or incident
  9. List two categories of computer investigations and forensics
    public investigations and private/corporate
  10. Line of Authority
    Company policy that states who has the legal right to initiate an investigation and take possession of evidence
  11. Warning Banner
    appears on a computer screen when the computer starts or connects to the company intranet/network/VPN and informs end users that the organization reserves the right to inspect computer systems and network traffic at will.
  12. Authorized Requester
    a person authorized by the company to conduct investigations, e.g. corporate security investigations, ethics office, EEOC, auditing, general counsel/legal department
  13. 3 types of common corporate investigations
    Abuse/misuse of computing assets

    Email abuse

    Internet Abuse
Card Set: Computer Forensics (Cyber and Computer Forensics Class)