Forensics
Definition of Forensics
Ability to use data and system forensics tools to perform preservation, examination, analysis, and reporting on systems. Understanding of chain of custody principles, and awareness of when forensics work needs outside professional assistance, legal or otherwise.
Assistant / Associate:
Know when to start formal digital forensics process
Know how to avoid contaminating evidence
Senior Associate / Professional:
Able to follow a predefined forensics process
Understand chain of custody principles
Senior Professional / Principal:
Able to analyze data found during forensic investigation
Careful to not disturb forensic environment
Know when to stop forensic investigation and engage outside professional assistance
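The preservation and chain-of-custody points above (hash the evidence at acquisition, record every hand-off, never work on the original) can be shown concretely. The following is an added example written for this page, not a tool or process from the page or its training sources; the item id, custodian names and evidence bytes are constructed, and the workflow it models (SHA-256 at acquisition, append-only custody log, analysis on a copy) is an assumption about a typical process rather than any organization's documented one.

```python
"""Evidence preservation and chain of custody, as an added illustration.

Assumed workflow (an assumption, not the page's process): the evidence is
hashed with SHA-256 at acquisition, every hand-off or check appends an
entry to an append-only custody log, and analysts work only on a copy so
the original is never modified. All evidence bytes below are constructed.
"""
import hashlib
from datetime import datetime, timezone
from typing import Dict, List


def sha256_hex(data: bytes) -> str:
    """Content hash used as the evidence item's fingerprint."""
    return hashlib.sha256(data).hexdigest()


class CustodyLog:
    """Append-only record of who handled an item and which hash they observed."""

    def __init__(self, item_id: str, original: bytes, acquired_by: str):
        self.item_id = item_id
        self.acquisition_hash = sha256_hex(original)
        self.entries: List[Dict[str, str]] = []
        self._append(acquired_by, "acquired", self.acquisition_hash)

    def _append(self, custodian: str, action: str, observed_hash: str) -> None:
        self.entries.append({
            "timestamp": datetime.now(timezone.utc).isoformat(),
            "custodian": custodian,
            "action": action,
            "sha256": observed_hash,
        })

    def transfer(self, from_custodian: str, to_custodian: str, current: bytes) -> bool:
        """Record a hand-off; the receiver's entry notes whether the hash still matches."""
        observed = sha256_hex(current)
        ok = observed == self.acquisition_hash
        self._append(from_custodian, "released", observed)
        self._append(to_custodian, "received" if ok else "received-HASH-MISMATCH", observed)
        return ok

    def verify(self, current: bytes, custodian: str) -> bool:
        """Re-hash before analysis or reporting and log the outcome either way."""
        observed = sha256_hex(current)
        ok = observed == self.acquisition_hash
        self._append(custodian, "verified" if ok else "INTEGRITY-FAILURE", observed)
        return ok

    def is_intact(self) -> bool:
        """True only if every hash ever recorded equals the acquisition hash."""
        return all(e["sha256"] == self.acquisition_hash for e in self.entries)


def analyst_workflow(original: bytes) -> dict:
    """Constructed scenario: analysis happens on a copy; the original stays untouched."""
    log = CustodyLog("EV-EXAMPLE-001", original, "first_responder")  # constructed id
    log.transfer("first_responder", "analyst", original)
    working_copy = bytearray(original)
    working_copy[0] ^= 0xFF  # simulated modification made during analysis, on the copy only
    return {
        "original_intact": log.verify(original, "analyst"),
        "copy_matches": sha256_hex(bytes(working_copy)) == log.acquisition_hash,
        "chain_intact": log.is_intact(),
        "entries": len(log.entries),
    }


if __name__ == "__main__":
    print(analyst_workflow(b"constructed sample evidence image bytes"))
```

The point the log makes visible is that a custody record is only useful if failures are recorded too: a verification that does not match still appends an entry, so the break in the chain is documented at the moment it is noticed rather than silently dropped.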
How to Develop Forensics
Training Courses:
· BYU IT 566 – Digital Forensics
· SANS FOR572 – Advanced Network Forensics: Threat Hunting, Analysis, and Incident Response
· SANS FOR500 – Windows Forensics Analysis
Online Videos:
· https://www.youtube.com/watch?v=j3lgxdylktM
· https://www.youtube.com/watch?v=ZUqzcQc_syE
· https://www.youtube.com/watch?v=X6rRNOUPlf4
Experiences:
· Look at log streams from applications or systems you have access to and consider how the patterns in those logs might change if the application or system was under attack or had been breached.
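One way to do the exercise above in code: summarize an authentication log you already have, then ask what the same summary looks like under attack. The example below is added for this page and is not from the page or its training sources; the log lines are constructed in the style of sshd messages in syslog (addresses are from the reserved documentation ranges), and the failure threshold is an assumed starting point that a real baseline would replace.

```python
"""Baseline-versus-incident comparison of an auth log, as an added illustration.

The log lines are constructed (sshd-style syslog messages); the threshold
below is an assumption, to be replaced by what your own baseline shows.
"""
import re
from collections import Counter, defaultdict
from typing import Dict, Iterable, List, Set

IPV4 = r"(\d{1,3}(?:\.\d{1,3}){3})"
FAILED = re.compile(r"Failed password for (?:invalid user )?(\S+) from " + IPV4)
ACCEPTED = re.compile(r"Accepted (?:password|publickey) for (\S+) from " + IPV4)

# Constructed "normal day": a forgotten password, otherwise key-based logins.
BASELINE_LOG = [
    "Jan 10 08:02:11 host sshd[2101]: Accepted publickey for alice from 192.0.2.10 port 51022 ssh2",
    "Jan 10 08:15:40 host sshd[2144]: Failed password for bob from 192.0.2.11 port 51100 ssh2",
    "Jan 10 08:15:47 host sshd[2144]: Accepted password for bob from 192.0.2.11 port 51100 ssh2",
    "Jan 10 09:30:02 host sshd[2300]: Accepted publickey for alice from 192.0.2.10 port 51200 ssh2",
]

# Constructed "incident day": one source cycles through usernames, then gets in.
INCIDENT_LOG = [
    "Jan 11 03:12:01 host sshd[4001]: Failed password for invalid user admin from 203.0.113.9 port 40001 ssh2",
    "Jan 11 03:12:04 host sshd[4002]: Failed password for root from 203.0.113.9 port 40002 ssh2",
    "Jan 11 03:12:08 host sshd[4003]: Failed password for invalid user test from 203.0.113.9 port 40003 ssh2",
    "Jan 11 03:12:12 host sshd[4004]: Failed password for invalid user oracle from 203.0.113.9 port 40004 ssh2",
    "Jan 11 03:12:16 host sshd[4005]: Failed password for invalid user admin from 203.0.113.9 port 40005 ssh2",
    "Jan 11 03:12:21 host sshd[4006]: Failed password for bob from 203.0.113.9 port 40006 ssh2",
    "Jan 11 03:12:30 host sshd[4007]: Accepted password for bob from 203.0.113.9 port 40007 ssh2",
    "Jan 11 08:01:15 host sshd[4100]: Accepted publickey for alice from 192.0.2.10 port 51300 ssh2",
]


class AuthSummary:
    """Per-source counts that are cheap to compare against a baseline."""

    def __init__(self) -> None:
        self.failed_by_ip: Counter = Counter()
        self.users_by_ip: Dict[str, Set[str]] = defaultdict(set)
        self.accepted_by_ip: Counter = Counter()


def summarize(lines: Iterable[str]) -> AuthSummary:
    """Parse failed and accepted logins out of sshd-style lines."""
    summary = AuthSummary()
    for line in lines:
        m = FAILED.search(line)
        if m:
            user, ip = m.groups()
            summary.failed_by_ip[ip] += 1
            summary.users_by_ip[ip].add(user)
            continue
        m = ACCEPTED.search(line)
        if m:
            summary.accepted_by_ip[m.group(2)] += 1
    return summary


def findings(summary: AuthSummary, max_failures: int = 5) -> List[str]:
    """Flag sources whose failure count exceeds what the baseline tolerates,
    and call out the higher-priority case of a success following those failures."""
    out: List[str] = []
    for ip, n in sorted(summary.failed_by_ip.items()):
        if n < max_failures:
            continue
        out.append(f"{ip}: {n} failed logins across {len(summary.users_by_ip[ip])} usernames")
        if summary.accepted_by_ip.get(ip, 0):
            out.append(f"{ip}: successful login after {n} failures")
    return out


if __name__ == "__main__":
    print("baseline:", findings(summarize(BASELINE_LOG)))
    print("incident:", findings(summarize(INCIDENT_LOG)))
```

The baseline run produces no findings, which is the check that the threshold is not noisy on ordinary traffic; the incident run shows the two pattern changes worth looking for in this kind of log: many failures from one source spread over several usernames, and a success from that same source afterwards.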
How to Demonstrate Forensics
DO: Describe what you did in completing / achieving your development plan
ASSESS: Share, if applicable, any assessments that were taken / provided related to your activities
LEARN: Explain what you felt that you were able to learn during your journey / experiences
APPLY: Give specific examples where you have made / plan to make direct application to your work
REFLECT: Review / consider things you would have done differently had you had this experience earlier