search

Which post incident activity would be concerned with maintaining the proper chain-of-custody?

1 Jahrs vor
Kommentare: 0
Ansichten: 115

Which post incident activity would be concerned with maintaining the proper chain-of-custody?

Show

Which post incident activity would be concerned with maintaining the proper chain-of-custody?

This course gives you the background needed to gain Cybersecurity skills as part of the Cybersecurity Security Analyst Professional Certificate program. You will learn about the different phases of penetration testing, how to gather data for your penetration test and popular penetration testing tools. Furthermore, you will learn the phases of an incident response, important documentation to collect, and the components of an incident response policy and team. Finally, you will learn key steps in the forensic process and important data to collect. This course also gives you a first look at scripting and the importance to a system analyst. This course is intended for anyone who wants to gain a basic understanding of Cybersecurity or as the fifth course in a series of courses to acquire the skills to work in the Cybersecurity field as a Cybersecurity Analyst. The completion of this course also makes you eligible to earn the Penetration Testing, Incident Response and Forensics IBM digital badge. More information about the badge can be found https://www.youracclaim.com/org/ibm/badge/penetration-testing-incident-response-and-forensics. In this course you will learn to: • Describe penetration testing tools and the benefits to an organization • Describe a deep dive into incident response techniques and tools • Describe digital forensics and digital evidence. • Discuss the power of scripting.

View Syllabus

Skills You'll Learn

scripting, forensics, Penetration Test, Cybersecurity, Computer Security Incident Management

Reviews

  • 5 stars

    72.75%

  • 4 stars

    19.76%

  • 3 stars

    4.61%

  • 2 stars

    1.74%

  • 1 star

    1.12%

BU

Jan 14, 2022

The course provided important skills on penetration test, incident reponse and digital forensics. It has enhnaces and my knoledge in these field and made me confident working with these.

ES

Aug 23, 2020

Very thorough topical information at the entry level that leaves you with confidence and knowledge afterwards. I am very thankful for this course and the whole IBM Cyber Pro Cert.

From the lesson

Incident Response

In this module, you will learn the various phases of an incident response, the importance of documentation and how it relates to the incident and the components of an incident response policy.

Taught By

  • Which post incident activity would be concerned with maintaining the proper chain-of-custody?

    IBM Security Learning Services

    IBM Global Subject Matter Experts

Chain of Custody refers to the logical sequence that records the sequence of custody, control, transfer, analysis and disposition of physical or electronic evidence in legal cases. Each step in the chain is essential as if broke, the evidence may be rendered inadmissible. Thus we can say that preserving the chain of custody is about following the correct and consistent procedure and hence ensuring the quality of evidence.

In this article, we will be discussing-

  1. What Chain of Custody entails in Digital Forensics.
  2. Importance of maintaining Chain of Custody.
  3. Chain of Custody Process.
  4. The Chain of Custody Form.
  5. Procedure to establish the Chain of Custody
  6. How Chain of Custody can be assured?

Let’s get started with each section in detail.

What the Chain of Custody entails in Digital Cyber Forensics?

If you are in the field of Cyber Security, you will be at one point in your career will be involved in Digital Forensics. One of the concepts that is most essential in Digital Forensics is the Chain of Custody.
The chain of custody in digital cyber forensics is also known as the paper trail or forensic link, or chronological documentation of the evidence.

  • Chain of custody indicates the collection, sequence of control, transfer and analysis.
  • It also documents details of each person who handled the evidence, date and time it was collected or transferred, and the purpose of the transfer.
  • It demonstrates trust to the courts and to the client that the evidence has not tampered.

Digital evidence is acquired from the myriad of devices like a vast number of IoT devices, audio evidence, video recordings, images, and other data stored on hard drives, flash drives, and other physical media.

Importance of maintaining Chain of Custody?

Importance to Examiner:

  • To preserve the integrity of the evidence.
  • To prevent the evidence from contamination, which can alter the state of the evidence.
  • In case you obtained metadata for a piece of evidence but unable to extract any meaningful information from the metadata. In such a case, the chain of custody helps to show where possible evidence might lie, where it came from, who created it, and the type of equipment used. This will help you to generate an exemplar and compare it to the evidence to confirm the evidence properties.

Importance to the Court: If not preserved, the evidence submitted in the court might be challenged and ruled inadmissible.

Chain of Custody Process

In order to preserve digital evidence, the chain of custody should span from the first step of data collection to examination, analysis, reporting, and the time of presentation to the Courts. This is very important to avoid the possibility of any suggestion that the evidence has been compromised in any way.

Which post incident activity would be concerned with maintaining the proper chain-of-custody?

Let’s discuss each stage of the chain of custody in detail:

  1. Data Collection: This is where chain of custody process is initiated. It involves identification, labeling, recording, and the acquisition of data from all the possible relevant sources that preserve the integrity of the data and evidence collected.
  2. Examination: During this process, the chain of custody information is documented outlining the forensic process undertaken. It is important to capture screenshots throughout the process to show the tasks that are completed and the evidence uncovered.
  3. Analysis: This stage is the result of the examination stage. In the Analysis stage, legally justifiable methods and techniques are used to derive useful information to address questions posed in the particular case.
  4. Reporting: This is the documentation phase of the Examination and Analysis stage. Reporting includes the following:
    • Statement regarding Chain of Custody.
    • Explanation of the various tools used.
    • A description of the analysis of various data sources.
    • Issues identified.
    • Vulnerabilities identified.
    • Recommendation for additional forensics measures that can be taken.

The Chain of Custody Form

In order to prove a chain of custody, you’ll need a form that lists out the details of how the evidence was handled every step of the way. The form should answer the following questions:

  • What is the evidence?: For example- digital information includes the filename, md5 hash, and Hardware information includes serial number, asset ID, hostname, photos, description.
  • How did you get it?: For example- Bagged, tagged or pulled from the desktop.
  • When it was collected?: Date, Time
  • Who has handle it?
  • Why did that person handled it?
  • Where was it stored?: This includes the information about the physical location in which proof is stored or information of the storage used to store the forensic image.
  • How you transported it?: For example- in a sealed static-free bag, or in a secure storage container.
  • How it was tracked?
  • How it was stored?: For example- in a secure storage container.
  • Who has access to the evidence?: This involves developing a check-in/ check-out process.

The CoC form must be kept up-to-date. This means every time the best evidence is handled off, the chain of custody form needs to be updated.

Procedure to establish the Chain of Custody

In order to assure the authenticity of the chain of custody, a series of steps must be followed. It is important to note that the more information Forensic expert obtains concerning the evidence, the more authentic is the created chain of custody. You should ensure that the following procedure is followed according to the chain of custody for electronic devices:

  • Save the original material
  • Take photos of the physical evidence
  • Take screenshots of the digital evidence.
  • Document date, time, and any other information on the receipt of the evidence.
  • Inject a bit-for-bit clone of digital evidence content into forensic computers.
  • Perform a hash test analysis to authenticate the working clone.

How can the Chain of Custody be assured?

A couple of considerations are involved when dealing with digital evidence and Chain of Custody. We shall discuss the most common and globally accepted and practiced best practices.

  1. Never ever work with the Original Evidence: The biggest consideration that needs to be taken care of while dealing with digital evidence is that the forensic expert has to make a full copy of the evidence for forensic analysis. This cannot be overlooked as when errors are made to working copies or comparisons need to be done, then, in that case, we need an original copy.
  2. Ensuring storage media is sterilized: It is important to ensure that the examiner’s storage device is forensically clean when acquiring the evidence. Suppose if the examiner’s storage media is infected with malware, in that case, malware can escape into the machine being examined and all of the evidence will eventually get compromised.
  3. Document any extra scope: During the process of examination, it is important to document all such information that is beyond the scope of current legal authority and later brought to the attention of the case agent. A comprehensive report must contain following sections:
    • Identity of the reporting agency.
    • Case identifier.
    • Case investigator.
    • Identity of the submitter.
    • Date of receipt.
    • Date of report.
    • Descriptive list of items submitted for examination: This includes the serial number, make, and model.
    • Identity and signature of the examiner
    • Brief description of steps taken during the examination: For example- string searches, graphics image searches, and recovering erased files.
    • Results.
  4. Consider the safety of the personnel at the scene: It is very important to ensure that the crime scene is fully secure before and during the search. In some cases, the examiner may only be able to do the following while onsite:
    • Identify the number and type of computers.
    • Interview the system administrator and users.
    • Identify and document the types and volume of media: This includes removable media also.
    • Determine if a network is present.
    • Document the information about the location from which the media was removed.
    • Identify offsite storage areas and/or remote computing locations.
    • Identify proprietary software.
    • Determine the operating system in question.

The Digital evidence and Digital Chain of Custody are the backbones of any action taken by digital forensic specialists. In this article, we have examined the seriousness of the digital evidence and what it entails and how slight tampering with the digital evidence can change the course of the forensic expert’s investigation.

References: – https://en.wikipedia.org/wiki/Chain_of_custody


What is post incident activity?

Post-Incident Activity: After remediating an incident, the organization will take steps to identify and implement any lessons learned from the event, and to pursue or fulfill any legal action or requirements.

Which three 3 of the following are components of an incident response policy?

The Three Elements of Incident Response: Plan, Team, and Tools.

What is data chain of custody?

WHAT IS CHAIN OF CUSTODY? Chain of custody is a process used to track the movement and control of an asset through its lifecycle by documenting each person and organization who handles an asset, the date/time it was collected or transferred, and the purpose of the transfer.

What are the three 3 main hurdles that must be overcome when examining data?

Q5) What are the three (3) main hurdles that must be overcome when examiningdata? (Select 3)Bypassing controls such as operating system and encryption passwords. Selecting the most effective tools to help with the searching and filtering ofdata. Dealing with a sea of data.

post incident activity concerned maintaining proper chain-of-custody

zusammenhängende Posts

Which of the following is a way to detect nefarious activity using an administrative control?
Which of the following is a way to detect nefarious activity using an administrative control?

In 1972, two Washington Post reporters uncovered evidence linking the Watergate break-in to
In 1972, two Washington Post reporters uncovered evidence linking the Watergate break-in to

Which risk treatment strategy focuses on planning and preparation to reduce the damage caused by a realized incident or disaster?
Which risk treatment strategy focuses on planning and preparation to reduce the damage caused by a realized incident or disaster?

Deterrence is the best method for preventing an illegal or unethical activity. ____________
Deterrence is the best method for preventing an illegal or unethical activity. ____________

Which activity will the nurse encourage new parents to complete in order to assist their infant in accomplishing?
Which activity will the nurse encourage new parents to complete in order to assist their infant in accomplishing?

Which of the following best matches the testing activity with how traceability can assist that activity?
Which of the following best matches the testing activity with how traceability can assist that activity?

What is the project management term for the amount of time an activity can be delayed without delaying the project?
What is the project management term for the amount of time an activity can be delayed without delaying the project?

Dhl paket wenn empfänger nicht zuhause
Dhl paket wenn empfänger nicht zuhause

Which costing method has the aim to come up with improvements on competitors products or lower costs when designing similar products?
Which costing method has the aim to come up with improvements on competitors products or lower costs when designing similar products?

Deutsche post weiden in der oberpfalz bayern
Deutsche post weiden in der oberpfalz bayern

Werbung

NEUESTEN NACHRICHTEN

Which incentive plans are specifically designed to promote group performance
1 Jahrs vor . durch ContaminatedSeizure
According to the flsa, which individual is most likely a nonexempt employee?
1 Jahrs vor . durch CurledParadox
Reactive and protective behaviors designed to avoid action, blame, or change are termed ________.
1 Jahrs vor . durch ArchitecturalJogging
The machiavellian personality is characterized by the will to manipulate and the desire for power.
1 Jahrs vor . durch SubstantiveCholera
Ist ein mann in brunn gefallen noten
1 Jahrs vor . durch High-poweredAbundance
Which of the following biometric authentication systems is the most accepted by users?
1 Jahrs vor . durch ConcomitantHomeland
Was ist der Unterschied zwischen Hanf und CBD?
1 Jahrs vor . durch IllustratedSolicitation
Wie viele noten braucht man für eine zeugnisnote sachsen-anhalt
1 Jahrs vor . durch HalfwayMeantime
Wie fühlt man sich wenn man schwanger ist am anfang
1 Jahrs vor . durch UptownLineage
Kann man Basaltemperatur auch tagsüber Messen?
1 Jahrs vor . durch FlashyDismissal

Werbung

Populer

Werbung

Um

Legal

Hilfe

Sozial

homeendefrjpkoptzhhiitth
Urheberrechte © © 2024 defrojeostern Inc.