Chapter 20 - 03 - Identify the Roles and Responsibilities Of a Forensic Investigator PDF

Summary

This chapter on computer forensics details the roles and responsibilities of a forensic investigator. It also describes the need for a forensic investigator, including the importance of strong evidence handling and incident response management in the context of cybercrime investigations.

Full Transcript

Certified Cybersecurity Technician Exam 212-82 Computer Forensics

Module Flow

- Understand the Fundamentals of Computer Forensics
- Understand Digital Evidence
- Identify the Roles and Responsibilities of a Forensic Investigator
- Understand the Forensic Investigation Process and its Importance
- Discuss Various Forensic Investigation Phases
- Digital Evidence Sources to Support Forensic Investigation
- Collecting the Evidence
- Securing the Evidence
- Performing Evidence Analysis

Identify the Roles and Responsibilities of a Forensic Investigator

By using their skills and experience, a computer forensic investigator helps organizations and law enforcement agencies identify, investigate, and prosecute the perpetrators of cybercrimes. Upon arrival on the scene, the investigator inspects the suspect's systems/devices, extracts and acquires data of evidentiary value, and analyzes it with the right forensic tools to determine the root cause of the security incident. This section highlights the key responsibilities of a forensics investigator and outlines the attributes of a good computer forensics investigator.

Module 20 Page 2195 Certified Cybersecurity Technician Copyright © by EC-Council All Rights Reserved. Reproduction is Strictly Prohibited.

Need for a Forensic Investigator

- Cybercrime Investigation: Forensic investigators, by virtue of their skills and experience, help organizations and law enforcement agencies investigate and prosecute the perpetrators of cybercrimes
- Sound Evidence Handling: If a technically inexperienced person examines the evidence, it might become inadmissible in a court of law
- Incident Handling and Response: Forensic investigators help organizations maintain forensics readiness and implement effective incident handling and response

Roles and Responsibilities of a Forensics Investigator

A forensic investigator performs the following tasks:

- Determines the extent of any damage done during the crime
- Recovers data of investigative value from computing devices involved in crimes
- Creates an image of the original evidence without tampering with it to maintain its integrity
- Guides the officials carrying out the investigation
- Analyzes the evidence data found
- Prepares the analysis report
- Evaluates the damages of a security breach
- Identifies and recovers data required for investigation
- Extracts the evidence in a forensically sound manner
- Ensures appropriate handling of the evidence
- Acts as a guide to the investigation team
- Creates reports and documents about the investigation for presenting in a court of law
- Reconstructs the damaged storage devices and uncovers the information hidden on the computer
- Updates the organization about various methods of attack and data recovery techniques, and maintains a regularly updated record of them (by determining and using the relevant documentation method)
- Addresses the issue in a court of law and attempts to win the case by testifying in court

What Makes a Good Computer Forensics Investigator?

Forensic investigators should be familiar with the current Linux, Macintosh, and Windows platforms. They should also develop and maintain contacts with computing, networking, and investigating professionals. These contacts may be able to help them overcome any difficulties during an investigation.

- Interviewing skills to gather extensive information about the case from the client or victim, witnesses, and suspects
- Researching skills to know the background and activities pertaining to the client or victim, witnesses, and suspects
- Maintains perfect accuracy of the tests performed and their records
- Patience and willingness to work long hours
- Excellent writing skills to detail findings in the report
- Strong analytical skills to find the evidence and link it to the suspect
- Excellent communication skills to explain their findings to the audience
- Remains updated about new methodologies and forensic technology
- Well-versed in more than one computer platform (including Windows, Macintosh, and Linux)
- Knowledge of various technologies, hardware, and software
- Develops and maintains contact with computing, networking, and investigating professionals
- Honest, ethical, and law abiding
- Has knowledge of the laws relevant to the case
- Ability to control emotions when dealing with issues that induce anger
- Multi-discipline expertise related to both criminal and civil cases
