Computer Forensics
Introduce techniques for obtaining and preserving computer evidence.
Forensics is the use of science and technology to investigate and establish facts that can be used in court. When using forensics for computer incidents, the one objective is to preserve evidence from the earliest moment possible.
Collection and preservation of evidence is best performed by forensics experts with special training. Consider calling in outside experts.
Still, staff who are not forensics experts can aid an investigation by keeping a disciplined, detailed journal of what happened during an incident and when the events occurred. Secure files that log activities on a network can be powerful evidence for use in investigations and court. The more ...
Get CISSP Training Guide now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.
