Certified Cybersecurity Technician Computer Forensics PDF
Document Details
Uploaded by barrejamesteacher
EC-Council
Summary
This document provides an overview of computer forensics, including the fundamentals, digital evidence, roles and responsibilities of investigators, and various investigation phases. It also covers the objectives, preparation, and need for computer forensics.
Full Transcript
Certified Cybersecurity Technician Exam 212-82 Computer Forensics

Module Flow

- Understand the Fundamentals of Computer Forensics
- Understand Digital Evidence
- Identify the Roles and Responsibilities of a Forensic Investigator
- Understand the Forensic Investigation Process and its Importance
- Discuss Various Forensic Investigation Phases
- Digital Evidence Sources to Support Forensic Investigation
- Collecting the Evidence
- Securing the Evidence
- Overview of Data Acquisition
- Performing Evidence Analysis

Understand the Fundamentals of Computer Forensics

Computer forensics plays a key role in tracking, investigating, and prosecuting cybercriminals. This section introduces computer forensics and its objectives. It also elaborates on why and when various enterprises may need to conduct a computer forensic investigation.

Module 20 Page 2166 Certified Cybersecurity Technician Copyright © by EC-Council. All Rights Reserved. Reproduction is Strictly Prohibited.

Understanding Computer Forensics

Computer forensics is a part of digital forensics that deals with crimes committed across computing devices such as networks, computers, and digital storage media. It refers to a set of methodological procedures and techniques to identify, gather, preserve, extract, interpret, document, and present evidence from computing equipment such that the discovered evidence is acceptable during a legal and/or administrative proceeding in a court of law.

In summary, computer forensics deals with the process of finding admissible evidence related to a digital crime to find the perpetrators and initiate legal action against them.

Objectives of Computer Forensics

It is essential to use computer forensics for the following:

- Identify, gather, and preserve the evidence of a cybercrime
- Identify and gather evidence of cybercrimes in a forensically sound manner
- Track and prosecute the perpetrators in a court of law
- Interpret, document, and present the evidence such that it is admissible during prosecution
- Estimate the potential impact of malicious activity on the victim and assess the intent of the perpetrator
- Find vulnerabilities and security loopholes that help attackers
- Understand the techniques and methods used by attackers to avert prosecution and overcome them
- Recover deleted files, hidden files, and temporary data that can be used as evidence
- Perform incident response (IR) to prevent further loss of intellectual property, finances, and reputation during an attack
- Know the laws of various regions and areas, as digital crimes are widespread and remote
- Know the process of handling multiple platforms, data types, and operating systems
- Learn to identify and use the appropriate tools for forensic investigations
- Prepare for incidents in advance to ensure the integrity and continuity of network infrastructure
- Offer ample protection to data resources and ensure regulatory compliance
- Protect the organization from similar incidents in the future
- Help counteract online crimes such as abuse, bullying, and reputation damage
- Minimize the tangible and intangible losses to an organization or an individual
- Support the prosecution of the perpetrator of a cybercrime

Need for Computer Forensics

An exponential increase in the number of cybercrimes and civil litigations involving large organizations has emphasized the need for computer forensics. It has become a necessity for organizations to employ the service of a computer forensics agency or to hire a computer forensics expert to solve cases involving the use of computers and related technologies. The staggering financial losses caused by cybercrimes have also contributed to renewed interest in computer forensics.

Computer forensics plays an important role in tracking cybercriminals. The main role of computer forensics is as follows:

- Ensure the overall integrity and the continued existence of an organization’s computer system and network infrastructure
- Help the organization capture important information if their computer systems or networks are compromised. Forensic evidence also helps prosecute the perpetrator of a cybercrime, if caught.
- Extract, process, and interpret the actual evidence so that it proves the attacker’s actions and their guilt or innocence in court
- Efficiently track down perpetrators/terrorists from different parts of the world. Terrorists who use the Internet as a communication medium can be tracked down, and their plans can be discovered. IP addresses are vital to finding the geographical location of the terrorists.
- Save the organization’s money and valuable time. Many managers allocate a large portion of their IT budget for computer and network security.
- Track complex cases such as child pornography and email spamming, etc.

When Do You Use Computer Forensics?

Computer forensics is required when a computer-based crime occurs, and as mentioned earlier, such crimes are increasing worldwide. Organizations need to employ the services of a computer forensics agency or hire a computer forensics expert to solve crimes that involve computers and related technologies. The staggering financial losses caused by cybercrimes have also contributed to a renewed interest in computer forensics.

Computer forensics can be helpful against all types of security and criminal incidents that involve computer systems and related technologies. Most organizations seek the help of computer forensics for the following:

- Prepare for incidents by securing and strengthening the defense mechanism as well as closing the loopholes in security
- Gain knowledge of the regulations related to cyber laws and comply with them
- Report incidents involving a breach of cybersecurity
- Identify the actions needed for incident response
- Act against copyright and intellectual property theft/misuse
- Settle disputes among employees or between the employer and employees
- Estimate and minimize the damage to resources in a corporate setup
- Set a security parameter and formulate security norms for ensuring forensic readiness