
Computer and Network Forensics

Guide to Computer Network Security

Part of the book series: Texts in Computer Science (TCS)


Abstract

This chapter discusses what constitutes digital evidence, the collection and analysis of digital evidence, the chain of custody, the writing of the report, and the possible appearance in court as an expert witness. There is an in-depth discussion of the digital evidence acquisition rule of thumb and the candidates for evidence extraction. Extra care must be taken in preserving digital evidence because it is very fluid: it can disappear or change very quickly. The chapter discusses the various techniques to preserve evidence and what needs to be done if evidence is to be moved. Emphasis is placed on the importance of careful analysis of digital evidence, noting that this process is the most difficult and most opinionated. It is also the most important, most time-consuming, and painstakingly slow, and it should be thorough so that it can support or reject a fact based on identified patterns of activities, file signature anomalies, unusual behaviors, file transfers, and several other trends in the evidence. The final issues discussed in this chapter include the process of report writing and presentation and the ethical implications and responsibilities of both the investigator and the lawyer.




© 2020 Springer Nature Switzerland AG

About this chapter


Cite this chapter

Kizza, J.M. (2020). Computer and Network Forensics. In: Guide to Computer Network Security. Texts in Computer Science. Springer, Cham. https://doi.org/10.1007/978-3-030-38141-7_14


  • DOI: https://doi.org/10.1007/978-3-030-38141-7_14


  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-030-38140-0

  • Online ISBN: 978-3-030-38141-7

  • eBook Packages: Computer Science (R0)
