mirror of
https://github.com/jackyzha0/quartz.git
synced 2025-12-27 23:04:05 -06:00
60 lines
1.7 KiB
Markdown
---
title: "23-digital-forensics"
aliases:
tags:
- comp210
- lecture
---

assist in legal/criminal proceedings

ICT in application to the law

requires broad range of technical knowledge

computers everywhere
- IoT, PCs, servers/cloud, smart devices, network routers and storage devices, other embedded systems
- can all hold forensically significant data
-

# types of evidence
- direct evidence
  - evidence which a witness can provide a direct account of in their testimony
- circumstantial evidence
  - relates less directly to the facts of the case, requiring some analysis or inference
  - suggests or indicates but seldom proves
- corroborating evidence
  - supports or is consistent with other circumstantial evidence
- forensic evidence
  - a kind of circumstantial evidence, usually submitted by an expert witness

# digital forensic principles
- needs to be validated
  - physical forensics such as fingerprinting and DNA are the same
- chain of custody is vital and must be unbroken
  - necessitates proper procedures and handling
- "everything leaves a trace", with some provisos in the digital domain
- maintain neutrality and objectivity
- good understanding of stats and probability can be vital

## ethos
- search for truth
- appreciate limits of certainty
- no bias or prejudice
- can work for either side but only one at a time
- document everything
- defend, demonstrate and duplicate methods

## computers as a witness
- good at storing info, with great reliability.
- have no common sense, no initiative.

## expert witnesses
-

# documentation
- want to be able to recr

# volatility
- how quickly does the data vanish when power is removed.