Basic Concepts of Forensics
Computer forensics, also called digital forensics, is the practice of collecting, analyzing, and reporting on digital data. Forensics can be used for the detection and prevention of crime and in any dispute where evidence is stored digitally. Computer forensics is part of the CompTIA Security+ certification and is a vital procedure for IT incident handling teams, since it allows them to analyze security incidents through a scientific approach. This article focuses on the basic concepts in computer forensics.
Forensics is the process of using scientific knowledge to collect, analyze, and present evidence to the courts. The word forensics derives from a term meaning “to bring to court.” Forensics deals primarily with the recovery and analysis of evidence. Evidence can take many forms, from fingerprints left on a window, to DNA evidence recovered from blood stains, to the files left on a hard drive.
According to the US-CERT, “Computer forensics is the discipline that combines elements of law and computer science to collect and analyze data from computer systems, networks, wireless communications, and storage devices in a way that is admissible as evidence in a court of law.”
In the digital world, organizations have used computer forensics to their benefit in several contexts, such as intellectual property theft, industrial espionage, fraud investigations, and forgeries.
In the last few years, cyber incidents have increased in number and severity. When a cyber incident occurs, the incident response team responds with a set of predetermined actions. This team is responsible for monitoring, incident handling and reporting when a security breach is identified or an attack has been detected — and the forensics
*** This is a Security Bloggers Network syndicated blog from InfoSec Resources authored by Pedro Tavares. Read the original post at: http://feedproxy.google.com/~r/infosecResources/~3/I9fmqLhBWUs/