Computer Forensics

Question 1

What is Computer Forensics?

Answer 1

Set of methodological procedures and techniques that help identify, gather, preserve, extract, interpret, document and present evidence from computing equipment, such that any discovered evidence is acceptable during a legal and/or administrative proceeding.

Question 2

What are the objectives of Computer Forensics?

Answer 2

1. Identify, gather and preserve the evidence.
2. Estimate the potential impact.
3. Assess the intent of the perpetrator.
4. Minimize the losses (tangible and intangible).
5. Protect from the similar incidents in the future.
6. Support the prosecution of the perpetrator.

Question 3

Impact of Cybercrimes at the Organizational Level

Answer 3

1. Loss of confidentiality, integrity and availability.
2. Data theft.
3. Disruption of business activities.
4. Loss of customer and stakeholder trust.
5. Reputational damage.
6. Financial losses.
7. Penalties arising from the failure to comply with regulations.

Question 4

What is Digital Evidence?

Answer 4

Any information of probative value that is either stored or transmitted in a digital form.

Question 5

What does Locard’s Exchange Principle say?

Answer 5

Anyone or anything entering a crime scene takes something of the scene with them, and leaves something of themselves behind when they leave.

Question 6

What are the rules of evidence?

Answer 6

• Understandable
• Admissible
• Authentic
• Reliable
• Complete

Question 7

What does it mean that evidence has to be complete?

Answer 7

Prove the attacker’s actions of his/her innocence.

Question 8

What is the best evidence rule?

Answer 8

The court only allows the original evidence of a document, photograph or recording at the trail rather than a copy.