Forensics Question

the_Grinch Member Posts: 4,165
Sorry to be jumping all over the place with my questions, but the A.D.D. kicks in from time to time. Anyhow, my question is how do the forensics involved with a hacking investigation compare to regular computer forensics? Are they the same in principle and just different in execution? Thanks!
WIP:
PHP
Kotlin
Intro to Discrete Math
Programming Languages
Work stuff

Comments

  • JDMurray MSIT InfoSec, CISSP, SSCP, GSEC, EnCE, C|EH, CySA+, PenTest+, CASP+, Security+ Surf City, USA Admin Posts: 11,769
    What is "regular computer forensics" to you?
  • L0gicB0mb508 Member Posts: 538
    Yeah there should be no difference. Sound forensic processes are used no matter what the reason behind the investigation. They may be looking for different items to turn into evidence, but the process should be the same.
    I bring nothing useful to the table...
  • the_Grinch Member Posts: 4,165
    Sorry, should have been more specific. Regular computer forensics as in, say, a case of child pornography or a cheating spouse with something to hide.
  • L0gicB0mb508 Member Posts: 538
    It also depends on if the evidence collected is going to be used in a court of law. Someone may just investigate without the intent to go to court. In that case they could use whatever tactics they choose. If the evidence found is for a legal case, then only sound forensic methods (chain of custody, bit-for-bit copy, software with the reputation of standing up in court, etc.) can be used. That would be about the only difference. The investigator would check log files, time stamps, registry info, etc. in either situation. Data acquisition would be the same as well. Proper incident handling/response would have to be used to initially collect evidence in either situation.

    Also, cases like child pornography are usually done by a law enforcement officer (or contractor), whereas hacking or the cheating spouse may be done by a forensics firm instead of law enforcement.

    If I'm wrong please correct me, but I think that should cover it.
  • the_Grinch Member Posts: 4,165
    Thanks!