WGU Forensics and Network Intrusion - C702 Computer forensics

WGU Forensics and Network Intrusion - C702 Computer forensics -ANSWER refers to a set of methodological procedures and techniques to identify, gather, preserve, extract, interpret, document and present evidence from computing equipment that is acceptable in a court of Law Cybercrime is defined -ANSWER as any illegal act involving a computing device, network, its systems, or its applications. It is categorized into two types based on the line of attack: internal attacks and external attacks Computer crimes -ANSWER pose new challenges for investigators due to their speed, anonymity, volatile nature of evidence, global origin of the crimes and difference in laws, and limited legal understanding Approaches to manage cybercrime investigations include -ANSWER civil, criminal, and administrative approaches Digital evidence is -ANSWER "any information of probative value that is either stored or transmitted in a digital form". It is of two types: volatile (Power off its lost) and non- volatile (now difference if off) Forensic readiness refers to -ANSWER an organization's ability to optimally use digital evidence in a limited period of time and with minimal investigation costs. Helps maintain Business Continuity. Practice Drills. ' Plan: 1. Identify potential evidence required. 2. Determine Source 3. Define Policy 4. establish Policy 5. Identify if Full/formal investigation is required. 6. create process for documenting procedure 7. Legal advisory board 8. Keep Incident response team ready. includes technical and non-technical actions that maximize an organization's competence to use digital evidence. Organizations often include computer forensics as part of their -ANSWER incident