What are two general ways in which computers are involved in security violations?
Answer: First, a computer can be used in the commission of crimes or violations of policy. Second, a computer can be the target of an attack.
What is computer evidence?
Answer: Any computer hardware, software, or data that can be used to prove one or more of the five Ws and one H of a security incident (i.e., who, what, when, where, why, and how).
What is an incident response team?
Answer: A team of individuals trained and prepared to recognize and immediately respond appropriately to any security incident.
What is real evidence?
Answer: Any physical objects that you can bring into court. Real evidence can be touched, held, or otherwise observed directly.
What is documentary evidence?
Answer: Written evidence, such as printed reports or data in log files. Such evidence cannot stand on its own and must be authenticated.
What is demonstrative evidence?
Answer: Evidence that illustrates, helps explain, or demonstrates other evidence. Many times, demonstrative evidence consists of some type of visual aid.
What is a subpoena?
Answer: A court order that compels an individual or organization to surrender evidence.
What is a search warrant?
Answer: A court order that allows investigators to search and/or seize computer equipment without providing advance warning to the equipment owner.
What is the chain of custody?
Answer: Documentation of all steps that the evidence has taken from the crime scene to the courtroom. These steps include the collection, transportation, analysis, and storage processes. All accesses of the evidence must be documented as well.
What is admissible evidence?
Answer: Evidence that meets all regulatory and statutory requirements, and has been properly obtained and handled.