O'Reilly logo

System Forensics, Investigation, and Response by K Rudolph, John R. Vacca

Stay ahead with the world's most comprehensive technology and business learning platform.

With Safari, you learn the way you learn best. Get unlimited access to videos, live online training, learning paths, books, tutorials, and more.

Start Free Trial

No credit card required

Chapter 4. Forensics Methods and Labs

EVIDENCE CAN MAKE OR BREAK AN INVESTIGATION. For evidence to be forensically sound, it must be collected properly and deemed authentic. This chapter discusses two frameworks for ensuring forensic soundness: the DFRWS framework and an event-based digital forensic investigation framework.

System forensics specialists conduct disk-based analysis investigations, store evidence, and do other work in a computer forensics lab. A lab facility must be physically secure so that evidence is not lost, corrupted, or destroyed. The lab should contain a variety of system forensics hardware and software, including forensic workstations and current and legacy software. In addition, the lab must have defined policies, processes, ...

With Safari, you learn the way you learn best. Get unlimited access to videos, live online training, learning paths, books, interactive tutorials, and more.

Start Free Trial

No credit card required