Computer Forensics Process Phase
· Pre Investigation
· Investigation
· Post Investigation
It is evidence that contains information relevant to the attack that occurred in your organization: any logs from “Ram-Hard-Traffic”
Very Important Rules of Digital Forensics
· Rule 1. An examination should never be performed on the original media.
· Rule 2. A copy is made onto forensically sterile media. New media should always be used if available.
· Rule 3. The copy of the evidence must be an exact, bit-by-bit copy (sometimes referred to as a bit-stream copy).
· Rule 4. The computer and the data on it must be protected during the acquisition of the media to ensure that the data is not modified. (Use a write-blocking device when possible.)
· Rule 5. The examination must be conducted in such a way as to prevent any modification of the evidence.
· Rule 6. The chain of custody of all evidence must be clearly maintained to provide an audit log of who might have accessed the evidence and at what time.
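
Rules 3 and 6 can be checked in code. The following is an added example, not part of the original page: it copies an image byte for byte while hashing it, re-reads the copy to confirm the hash, and appends a chain-of-custody record. The file names, the examiner ID and the JSON-lines log format are assumptions, and the "evidence" is constructed random data standing in for a disk image.

```python
import hashlib, json, os, tempfile
from datetime import datetime, timezone

CHUNK = 1024 * 1024  # read in 1 MiB blocks so large images never sit in memory

def sha256_file(path):
    """Hash a file block by block and return the hex digest."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(CHUNK), b""):
            h.update(block)
    return h.hexdigest()

def acquire(source, dest):
    """Bit-stream copy: source is opened read-only, dest must not already exist."""
    h = hashlib.sha256()
    with open(source, "rb") as src, open(dest, "xb") as dst:  # "x" refuses to overwrite
        for block in iter(lambda: src.read(CHUNK), b""):
            h.update(block)      # hash exactly the bytes that were read
            dst.write(block)
    return h.hexdigest()

def log_custody(log_path, examiner, action, item, digest):
    """Append one chain-of-custody record: who did what to which item, and when."""
    entry = {"time_utc": datetime.now(timezone.utc).isoformat(),
             "examiner": examiner, "action": action,
             "item": item, "sha256": digest}
    with open(log_path, "a", encoding="utf-8") as log:
        log.write(json.dumps(entry) + "\n")
    return entry

def demo():
    """Acquire, verify and log a constructed sample, then show tampering is detected."""
    work = tempfile.mkdtemp()
    src, dst, log = (os.path.join(work, n) for n in ("original.img", "copy.img", "custody.jsonl"))
    with open(src, "wb") as f:
        f.write(os.urandom(3 * CHUNK + 17))          # constructed sample data
    digest = acquire(src, dst)
    verified = sha256_file(dst) == digest            # re-read the copy from disk
    entry = log_custody(log, "examiner-01", "acquired+verified" if verified else "VERIFY-FAILED", dst, digest)
    with open(dst, "r+b") as f:                      # simulate a one-byte modification
        first = f.read(1)
        f.seek(0)
        f.write(bytes([first[0] ^ 0xFF]))
    still_matches = sha256_file(dst) == digest       # False: the change is detected
    return verified, still_matches, entry

if __name__ == "__main__":
    print(demo())
```

On real media the source would be the device node behind a write blocker (Rule 4), and the recorded hash is what later examiners compare against before working on the copy.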