Computer Forensics Investigation Team PDF
Document Details
Uploaded by barrejamesteacher
null
EC-Council
Tags
Summary
This document outlines the roles and responsibilities of a computer forensics investigation team. It details the various team members and their functions, such as evidence collection, analysis, and documentation. The roles are important in solving cybercrimes.
Full Transcript
Certified Cybersecurity Technician Network Security Fundamentals Exam 212-82 Computer Forensics Investigation Team @ ® OQ The investigation team plays a major role in solving a case OQ The team is responsible for evaluating the crime, evidence, and criminals People Involved in an Investigation Team...
Certified Cybersecurity Technician Network Security Fundamentals Exam 212-82 Computer Forensics Investigation Team @ ® OQ The investigation team plays a major role in solving a case OQ The team is responsible for evaluating the crime, evidence, and criminals People Involved in an Investigation Team Photographer Photographs the crime scene and the evidence gathered Incident Responder Responsible for the measures to be taken when an incident occurs Incident Analyzer Analyzes the incidents based on their occurrence Evidence Examiner/Investigator Examines the evidence acquired and sorts the useful evidence Evidence Documenter Documents all the evidence and the phases present in the investigation process Evidence Manager Manages the evidence in such a way that it is admissible in the court of law Evidence Witness Offers a formal opinion in the form of a testimony in the court of law Attorney Provides legal advice Copyright © by EC-{ L Al All Rights Reserved. Reproduction Reproduction is ks Strictly Prohibited Prohibited. Computer Forensics Investigation Team The investigation team plays a major role in solving a case. The team is responsible for evaluating the crime, evidence, and criminals. To find the appropriate evidence from a variety of computing systems and electronic devices, the following people may be involved: =* Photographer: The photographer photographs the crime scene and the evidence gathered. They should have an authentic certification. This person is responsible for shooting all the evidence found at the crime scene, which records the key evidence in the forensics process. * Incident Responder: The incident responder is responsible for the measures taken when an incident occurs. This individual is responsible for securing the incident area and collecting the evidence that is present at the crime scene. They should disconnect the system from other systems to stop the spread of the incident to other systems. * Incident Analyzer: The incident analyzer analyzes the incidents based on the occurrence. They examine the incident as per its type, how it affects the systems, the different threats and vulnerabilities associated with it, etc. * Evidence Examiner/Investigator: The evidence examiner examines the evidence acquired and sorts it based on usefulness and relevance into a hierarchy that indicates the priority of the evidence. = Evidence Documenter: The evidence documenter documents all the evidence and the phases present in the investigation process. They gather information from all the people involved in the forensics process and document it in an orderly fashion, from incident occurrence to the end of the investigation. The documents should contain complete information about the forensics process. Module 03 Page 444 Certified Cybersecurity Technician Copyright © by EG-Council All Rights Reserved. Reproduction is Strictly Prohibited. Certified Cybersecurity Technician Network Security Fundamentals Exam 212-82 = Evidence Manager: The evidence manager manages the evidence. They have all the information about the evidence, for example, evidence name, evidence type, time, and source of evidence. They manage and maintain a record of the evidence such that it is admissible in the court of law. = Expert Witness: The expert witness offers a formal opinion as a testimony in a court of law. Expert witnesses help authenticate the facts and other witnesses in complex cases. They also assist in cross-examining witnesses and evidence, as various factors may influence a normal witness. = Attorney: The attorney gives legal advice about how to conduct the investigation and address the legal issues involved in the forensic investigation process Module 03 Page 445 Certified Cybersecurity Technician Copyright © by EC-Council All Rights Reserved. Reproduction is Strictly Prohibited.