From the course: CompTIA Security+ (SY0-601) Cert Prep: 9 Operations and Incident Response
Unlock the full course today
Join today to access over 22,600 courses taught by industry experts or purchase this course individually.
Chain of custody
From the course: CompTIA Security+ (SY0-601) Cert Prep: 9 Operations and Incident Response
Chain of custody
- [Narrator] When evidence is used in court or another formal setting, both parties involved in a dispute have the right to ensure that the evidence presented has not been tampered with during the collection, analysis, or storage process. We've already discussed how hashing can be used to verify the digital evidence hasn't changed. The chain of custody also plays an important role in ensuring the authenticity of evidence. The chain of custody, also known as the chain of evidence, provides a paper trail that tracks each time someone handles a piece of physical evidence. In the case of digital forensics, this might include the original hard drive or other primary evidence collected by investigators and used in later analysis. When collecting physical evidence, it should always be placed in an evidence storage bag that is labeled with the date, time and location of collection, the name of the person collecting the evidence…
Contents
-
-
-
-
-
-
(Locked)
Conducting investigations3m 50s
-
(Locked)
Evidence types3m 28s
-
(Locked)
Introduction to forensics3m 21s
-
(Locked)
System and file forensics4m 26s
-
(Locked)
File carving3m 46s
-
(Locked)
Creating forensic images5m 30s
-
Digital forensics toolkit2m 25s
-
(Locked)
Operating system analysis6m 9s
-
(Locked)
Password forensics7m 16s
-
(Locked)
Network forensics4m 1s
-
(Locked)
Software forensics4m 25s
-
(Locked)
Mobile device forensics1m 10s
-
(Locked)
Embedded device forensics2m 30s
-
(Locked)
Chain of custody1m 50s
-
(Locked)
Ediscovery and evidence production3m 3s
-
(Locked)
Exploitation frameworks6m 4s
-
(Locked)
-