Chapter 3: ComputerEvidence

Previous page
Table of content
Next page

In This Chapter

  • Describing computer evidence

  • Addressing evidence handling issues

  • Identifying evidence

  • Collecting evidence

  • Maintaining the chain of custody

  • Ensuring evidence admissibility

  • Methods of preserving evidence state

In this chapter, you'll learn about computer evidence-what it is and what makes it different from regular evidence. You'll also learn how to identify, collect, handle, and present evidence in and out of court .

Simply put, evidence is something that provides proof. You'll need evidence to prove that someone attacked your system. Without evidence, you only have a hunch. With evidence, you might have a case. Good, solid evidence can answer several of the five Ws and an H of security violations: who, what, when, where, why, and how. You'll use the evidence you collect to further the discovery of the facts in an investigation. That same evidence might provide the proof necessary to result in a legal finding in your favor. Understanding computer evidence is the first step in successfully investigating a security violation.



Previous page
Table of content
Next page
Computer Forensics JumpStart
Computer Forensics JumpStart
ISBN: 0470931663
EAN: 2147483647
Year: 2004
Pages: 153
Authors: Michael G. Solomon, K Rudolph, Ed Tittel, Neil Broom, Diane Barrett
BUY ON AMAZON
SQL Tips & Techniques (Miscellaneous)
Adobe After Effects 7.0 Studio Techniques
Network Security Architectures
InDesign Type: Professional Typography with Adobe InDesign CS2
HTI+ Home Technology Integrator & CEDIA Installer I All-In-One Exam Guide
Digital Character Animation 3 (No. 3)
flylib.com © 2008-2017.
If you may any questions please contact us: flylib@qtcs.net
Privacy policy