Professional Documents
Culture Documents
Lesson 1 (Finals)
Lesson 1 (Finals)
Learning Objectives
The scientific examination and analysis of data held on or retrieved from computer
storage media or network and its presentation in a manner legally acceptable to a Court
What is Computer?
The term "electronic document" may be used interchangeably with "electronic data
message.”(Rules on Electronic Evidence A.M. No. 01-7-01-SC)
Any information being subject to human intervention or not, that can be extracted from a
computer system
Rely on computer forensics to back-up their investigation and use the recovered evidence
to support the filing of cases.
Prosecutors
Personal and business data discovered on a computer can be used as evidence in any
civil cases.
Insurance Companies
Private Corporations
Individual/Private Citizens
Law enforcement authorities collect evidence for computer related crimes and traditional
crimes such as:
Trafficking in Persons
Sexual harassment
Software Piracy
Hacking
Malware distribution
Fraud
Homicide investigations
Forgery
Digital Evidence
Volatile data
Non-volatile data
Volatile Data
This data is temporarily stored in the Memory (RAM) of the Computer system.
This data will be deleted once power is removed from the computer
Non-Volatile Data
This data resides in persistent storage media (hard disk drive, USB flash drive, optical
storage media)
o No action taken by the law enforcement agencies or their agents should change
the data held on a computer or other media which may subsequently be relied
upon in Court.
o Where possible computer data must be ‘imaged’ and that version be examined.
Principle 2
However it is imperative that the person doing so is competent and can account for their
actions.
Principle 3
An audit trail or other record of all processes applied to digital evidence should be created
and preserved. An independent third party should be able to examine these processes
and achieve the same result.
Principle 4
The person in charge of the case has overall responsibility for ensuring that a computer
has been correctly examined in accordance with the law and these principles.
What is a Forensic Image?
o A forensic image refers to verifiable and unaltered complete copy of the contents
of original storage device.
Training has always been an important process for every team in every business. It helps
to ensure that your employees are all on the same page, armed with the knowledge and
skills they need in order to do their jobs effectively.
It’s key to have the right type of training for the appropriate teams. This way you know
your resources are being used properly and yielding the best results possible. So you
may be hesitant at first to equip your entire workforce with cyber security training. After
all, isn’t doing so with your IT team sufficient?
As it turns out, it isn’t. It’s proven that human error is the biggest threat to cyber security,
and this can come from any corner of your organization.