O'Reilly logo

Cyber Forensics: From Data to Digital Evidence by Albert J. Marcella, Frederic Guillossou

Stay ahead with the world's most comprehensive technology and business learning platform.

With Safari, you learn the way you learn best. Get unlimited access to videos, live online training, learning paths, books, tutorials, and more.

Start Free Trial

No credit card required

CHAPTER TWELVE

Investigation

Incident Closure

I think I did pretty well, considering I started out with nothing but a bunch of blank paper.

—Steve Martin

THE EFFORT REQUIRED in the next phases of an investigation is as systematic and thorough as any of those previously discussed. Although the process is fairly linear (see Figure 12.1), the “steps” of the investigative process are not necessarily successive or consecutive; they may overlap and vary depending upon case. Phases themselves allow for specific customization suiting various requirements: legal, lawful, corporate, or otherwise.

FIGURE 12.1 Steps in the Investigation Process

image

FORENSIC INVESTIGATIVE SMART PRACTICES

STEP 5: INVESTIGATION (CONTINUED)

“in•ves•ti•ga•tion”

1. The action of investigating something or someone; formal or systematic examination or research.

2. A formal inquiry or systematic study.

In some circumstances, a cyber forensic investigation could be defined as simply the action of extracting data to meet a given search criteria; something easily accomplished in an automated manner. This definition could certainly apply if under contractual obligation or court order. The “Sherlock Holmes” aspect of an investigation may not always present itself; the investigation may be strictly limited to the search criteria.

At times, a cyber forensic investigator can become over sensitized to the systematic nature ...

With Safari, you learn the way you learn best. Get unlimited access to videos, live online training, learning paths, books, interactive tutorials, and more.

Start Free Trial

No credit card required