-
Notifications
You must be signed in to change notification settings - Fork 0
Forensics Investigation with Autopsy
Benjamin Hobbs edited this page Aug 24, 2023
·
1 revision
From: What is Computer Forensics? (accessed by Benjamin Hobbs on 8/22/2023)
- Computer forensics specialists investigate secuirty issues, data breaches, and other types of cyber crime. These specialists recover documents, photos, emails, and other files from computer systems, hard drives, and other media. They also determine how a breach likely occurred and learn from them for the future.
- While highly complimentary disciplines, computer forensics is more reactionary in nature. Cybersecurity seeks to be more preventative.
There are many job titles associated with cyber forensic work including:
- Informations Security Crime Investigator
- Computer Forensics Engineer
- Digital Forensics
- Computer Forensics
- Cyber Forensics
- Computer Forensics Specialist
- Computer Forensics Analyst
- Competer Forensics Investigator or Examiner
- Computer Forensics Technician
Some popular options for computer forensic specialists to do their jobs are:
- EnCase
- SANS SIFT
- ProDiscover Forensic
- Volatilaty Framework
- The Sleuth Kit (+Autopsy)
- CAINE
- Xplico
- X-ways Forensics
- What are the main differences between computer forensics and cybersecurity?
- Forensics is reactionary - they act AFTER an incident has occurred
- Cybersecurity works to be preventative - working to PREVENT incidents from occurring
The two are synergistic and when an incident happens forensics teams process and study the data to find how it happened and how we may stop it in the future. Cybersecurity teams then put that knowledge into practice. 2. What are the six stages of a computer forensics examination?
- Readiness
- Evaluation
- Collection
- Analysis
- Presentation
- Review