Join Sandra Toner for an in-depth discussion in this video Using forensic best practices, part of Learning Computer Security Investigation and Response.
- In this video, we'll take a look…at some overarching principles…in forensic science that need to be applied…to computer forensics.…We'll focus on chain of custody and planning.…Chain of custody is one of the most important…principles in forensic science.…Most labs will require that you maintain documentation…on who has had access to the evidence,…where it's been, and what actions have been taken.…When possible, use photos or videos…to show the original state,…especially before you remove anything.…
Without the complete chain of custody,…it gets pretty easy for your opposing prosecutor…to challenge or dismiss the evidence…that you've presented in court.…Having a complete chain of custody form…as well as any other forms or documentation,…including visual proof of retrieval,…really helps prove the authenticity…and admissibility of the evidence…in a courtroom.…Let's take a look at an example…of a chain of custody form,…developed at a national institute…for standards in technology.…This form was developed to be used…
Author
Sandra Toner
Released
12/16/2015This course covers the basics of computer forensics and cyber crime investigation. Author Sandra Toner provides an overview of forensic science, and discusses best practices in the field and the frameworks professionals use to conduct investigations. Then, after showing how to set up a simple lab, Sandra describes how to respond to a cyber incident without disturbing the crime scene. She dives deep into evidence collection and recovery, explaining the differences between collecting evidence from Windows, Mac, and Linux machines. The course wraps up with a look at some of the more commonly used computer forensics software tools.
- Applying science to digital investigations
- Understanding forensic frameworks
- Defining cyber crime: harassment, hacking, and identity theft
- Setting up a forensic lab
- Responding to cyber incidents
- Collecting and recovering evidence
- Examining networks for evidence
- Applying forensics to Windows, Mac, and Linux
- Working with forensics tools
Skill Level Beginner
Duration
Views
-
Introduction
-
Welcome33s
-
-
1. Understanding Forensic Science
-
Identifying digital evidence2m 20s
-
2. Defining Cyber Crime
-
Classifying cyber crime1m 52s
-
Defining identity theft3m 35s
-
Examining cyber harassment4m 28s
-
-
3. Setting Up a Forensic Lab
-
Building a knowledgebase2m 43s
-
Working with evidence1m 28s
-
Equipping the lab1m 23s
-
Selecting forensic software2m 50s
-
-
4. Responding to a Cyber Incident
-
Discovering an incident2m 59s
-
Preserving evidence2m 9s
-
Reporting cyber incidents4m 28s
-
-
5. Collecting Evidence
-
Following protocol2m 25s
-
Storing evidence2m 28s
-
Imaging evidence1m 59s
-
-
6. Recovering Evidence
-
Finding hidden data4m 44s
-
Resurrecting data2m 36s
-
Working with damaged media2m 39s
-
Viewing browser history2m 11s
-
-
7. Network-Based Evidence
-
Checking out firewall logs1m 17s
-
Detecting network intrusion2m 10s
-
Examining router evidence1m 42s
-
-
8. Windows Forensics
-
Finding Windows directories1m 54s
-
9. Macintosh Forensics
-
Applying forensics to a Mac3m 17s
-
Checking out Mac logs2m 2s
-
Finding Mac directories1m 40s
-
-
10. Linux Forensics
-
Checking out Linux log files3m 40s
-
Finding Linux directories2m 28s
-
11. Forensic Tools
-
Conclusion
Take notes with your new membership!
Type in the entry box, then click Enter to save your note.
Press on any video thumbnail to jump immediately to the timecode shown.
Notes are saved with you account but can also be exported as plain text, MS Word, PDF, Google Doc, or Evernote.
Share this video
Embed this video
Video: Using forensic best practices