Forensics and Digital Evidence
During the course of investigating a security incident, it is important to preserve the admissibility of evidence. The admissibility of evidence is determined by the judge when it is submitted to the court as part of a criminal or civil trial. To be admissible, evidence must be relevant and reliable, defined as follows:
• Relevant: To be relevant, evidence must have a reasonable relationship to what happened. Joe’s browsing history may be relevant to the fact that copyrighted material not owned by him was found on his hard drive. A judge makes the determination of relevance, but the incident response or investigation team should assume everything is potentially relevant during an investigation.
• Reliable: The ...