Chapter 3: ComputerEvidence


In This Chapter

  • Describing computer evidence

  • Addressing evidence handling issues

  • Identifying evidence

  • Collecting evidence

  • Maintaining the chain of custody

  • Ensuring evidence admissibility

  • Methods of preserving evidence state

In this chapter, you'll learn about computer evidence-what it is and what makes it different from regular evidence. You'll also learn how to identify, collect, handle, and present evidence in and out of court .

Simply put, evidence is something that provides proof. You'll need evidence to prove that someone attacked your system. Without evidence, you only have a hunch. With evidence, you might have a case. Good, solid evidence can answer several of the five Ws and an H of security violations: who, what, when, where, why, and how. You'll use the evidence you collect to further the discovery of the facts in an investigation. That same evidence might provide the proof necessary to result in a legal finding in your favor. Understanding computer evidence is the first step in successfully investigating a security violation.




Computer Forensics JumpStart
Computer Forensics JumpStart
ISBN: 0470931663
EAN: 2147483647
Year: 2004
Pages: 153

Similar book on Amazon

flylib.com © 2008-2017.
If you may any questions please contact us: flylib@qtcs.net