VIDEO
HIGHLIGHT
Log InSign up
Evidence Analysis and Handling (CISSP Free by Skillset.com)
SummaryTranscriptChat

Evidence Analysis and Handling (CISSP Free by Skillset.com)

Evidence Analysis and Handling

Understanding Evidence in Court

  • Evidence is material presented to a court to prove the truth or falsity of facts related to a crime.
  • Best evidence directly proves an individual's negligence or responsibility for committing a crime.

Requirements for Admissibility of Evidence

  • For evidence to be admissible, it must be authentic, accurate, complete, convincing, and maintain a proper chain of custody.
  • The chain of custody details who obtained the evidence, where it was found, when it was collected, and how it was stored.

Security and Storage of Evidence

  • Maintaining security from collection until trial is crucial; any lapse may render evidence inadmissible.
  • Evidence is typically stored in monitored vaults with alarm systems or video surveillance to prevent tampering.

The Evidence Life Cycle

  • The journey of evidence includes collection, identification, protection (e.g., labeling with case numbers), and secure storage in tamper-proof bags.
  • Forensic copies are made from original evidence for analysis to protect against destruction or tampering during examination.

Preservation and Transportation of Evidence

  • Evidence must be protected from environmental damage (extreme temperatures, humidity) during transport; immediate transfer to secure facilities is essential.
  • Leaving evidence unattended can lead to potential tampering; thus direct transportation after collection is critical.

Digital Forensics Process

  • Examiners analyze various types of digital media including RAM, hard drives, CDs/DVDs/Blu-ray discs, and external storage devices like USB drives.
  • Backups should also be reviewed as they may contain deleted data that could serve as critical evidence if recent backups exist before deletion occurred.

Ensuring Integrity During Examination

  • Examiners use write blockers to prevent changes to original media while making exact copies for analysis purposes.
  • Network logs from routers and firewalls can provide valuable information about incidents involving network attacks or data exfiltration attempts.

Importance of Configuration Checks

  • It’s vital to ensure that network equipment settings are restored post-examination since intruders might have altered them for undetected access during an attack.

Digital Forensics: Evidence Collection and Analysis

Analyzing System Configuration and Software

  • Digital forensics involves analyzing system configurations and software to identify potential evidence such as viruses, email messages, files, logs, timestamps, and metadata.
  • Browsers maintain internet history which can provide insights into user activity during an incident; software logs reveal actions taken by users accessing unauthorized software.

Utilizing Hashing Algorithms

  • Hashing algorithms create digital fingerprints for files, allowing investigators to ignore known operating system files (e.g., Windows 7) during investigations to focus on relevant data.

Importance of Mobile Devices in Investigations

  • Smartphones are significant sources of evidence due to the vast amount of data they store, including photos, call logs, and contacts.
  • To preserve data integrity during analysis, devices should be placed in airplane mode instead of being turned off; this prevents remote wiping or modification.

Data Recovery Techniques

  • Special forensic tools can decrypt encrypted data or perform brute force attacks on passwords; however, these methods may require considerable time.
  • Flash memory from SD cards or USB drives can often recover deleted information using advanced techniques like chip-off forensics.

Traditional Evidence Collection Methods

  • Physical evidence such as fingerprints or DNA can be collected from devices. Fingerprinting keyboards or mice helps establish user interaction with the device.
  • Proper handling of evidence is crucial; gloves should be worn to avoid contaminating samples with personal fingerprints or DNA.

Electronic Discovery (eDiscovery)

  • eDiscovery refers to producing electronically stored information as court-required evidence. Organizations must maintain an electronic inventory and control their assets effectively.
  • Data retention policies are essential; organizations should define what data needs storage duration and ensure compliance with legal requirements regarding data preservation.

Responsibilities in Data Management

  • Managers are responsible for ensuring proper backup procedures are followed and that all data is labeled correctly. Documentation is critical for proving correct handling in court.
  • It’s vital that organizations only retain data beyond specified periods if legally mandated by a court order; otherwise, adherence to retention policies is necessary.

This concludes the notes on digital forensics related to evidence collection and analysis.

Video description

This Evidence Analysis and Handling training video is part of the CISSP FREE training course from Skillset.com (https://www.skillset.com/certifications/cissp). Skillset helps you pass your certification exam. Faster. Guaranteed. https://www.skillset.com Topic: Evidence Analysis and Handling Skill: Computer Forensics Fundamentals Skillset: Security Operations Certification: CISSP Join the 40,000+ candidates in over 58 countries that have found a faster, better way to pass their certification exam. + Unlimited access to thousands of practice questions + Exam readiness score + Smart reinforcement + Focused training ensures 100% exam readiness + Personalized learning plan + Align exam engine to your current baseline knowledge + Eliminate wasted study time + Exam pass guarantee And much more - https://www.skillset.com