Forensics Investigation with Autopsy

From: What is Computer Forensics? (accessed by Benjamin Hobbs on 8/22/2023)

• Computer forensics specialists investigate secuirty issues, data breaches, and other types of cyber crime. These specialists recover documents, photos, emails, and other files from computer systems, hard drives, and other media. They also determine how a breach likely occurred and learn from them for the future.

Computer Forensics vs Cybersecurity

• While highly complimentary disciplines, computer forensics is more reactionary in nature. Cybersecurity seeks to be more preventative.

Cyber Forensic Work Field

There are many job titles associated with cyber forensic work including:

• Informations Security Crime Investigator
• Computer Forensics Engineer
• Digital Forensics
• Computer Forensics
• Cyber Forensics
• Computer Forensics Specialist
• Computer Forensics Analyst
• Competer Forensics Investigator or Examiner
• Computer Forensics Technician

Computer Forensic Toolkit

Some popular options for computer forensic specialists to do their jobs are:

• EnCase
• SANS SIFT
• ProDiscover Forensic
• Volatilaty Framework
• The Sleuth Kit (+Autopsy)
• CAINE
• Xplico
• X-ways Forensics

Questions for Understanding

1. What are the main differences between computer forensics and cybersecurity?

• Forensics is reactionary - they act AFTER an incident has occurred
• Cybersecurity works to be preventative - working to PREVENT incidents from occurring

The two are synergistic and when an incident happens forensics teams process and study the data to find how it happened and how we may stop it in the future. Cybersecurity teams then put that knowledge into practice. 2. What are the six stages of a computer forensics examination?

1. Readiness
2. Evaluation
3. Collection
4. Analysis
5. Presentation
6. Review