May 2012
Beginner
342 pages
8h 6m
English
CHAPTER TWELVE
Investigation
Incident Closure
I think I did pretty well, considering I started out with nothing but a bunch of blank paper.
—Steve Martin
THE EFFORT REQUIRED in the next phases of an investigation is as systematic and thorough as any of those previously discussed. Although the process is fairly linear (see Figure 12.1), the “steps” of the investigative process are not necessarily successive or consecutive; they may overlap and vary depending upon case. Phases themselves allow for specific customization suiting various requirements: legal, lawful, corporate, or otherwise.
FIGURE 12.1 Steps in the Investigation Process
FORENSIC INVESTIGATIVE SMART PRACTICES
STEP 5: INVESTIGATION (CONTINUED)
“in•ves•ti•ga•tion”
1. The action of investigating something or someone; formal or systematic examination or research.
2. A formal inquiry or systematic study.
In some circumstances, a cyber forensic investigation could be defined as simply the action of extracting data to meet a given search criteria; something easily accomplished in an automated manner. This definition could certainly apply if under contractual obligation or court order. The “Sherlock Holmes” aspect of an investigation may not always present itself; the investigation may be strictly limited to the search criteria.
At times, a cyber forensic investigator can become over sensitized to the systematic nature ...