
technical: digital forensics

Evidence Gathering

by Brent Kirkpatrick

(Date Published: .)

Gathering evidence involves capturing exploits, isolating their machine code, and analyzing them.

Evidence gathering involves statistical measures of confidence. "Forensics" is a misnomer when it does not involve rigorous statistics. The process and the result of the process are only as good as the steps used to obtain the result. Any evidence should be accompanied by a description of the scientific process by which it was obtained.

The goal of doing "forensics" is to take a hacked computer, examine all the exploits on it, and discuss, with statistical confidence, the mechanisms of the responsible exploit(s). Attribution, or who-done-it, is the responsibility of investigators and detectives, not computer experts.

In essence, computer security people doing forensics are running a crime lab and should properly document chain of custody and analysis method(s). The documentation should be sufficient for a court of law.
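One way to make that chain-of-custody record tamper-evident is to hash the evidence item at every handling step and link each custody entry to the previous one by hash, so that a later reviewer can check that neither the evidence nor the log was altered. The following Python is an added example and is not code from the original article or from Intrepid Net Computing; the log schema, the evidence bytes, the handler names and the timestamps are all constructed for illustration.

```python
import hashlib
import json
from datetime import datetime, timezone


def sha256_hex(data: bytes) -> str:
    """Hex SHA-256 digest used both for evidence and for log entries."""
    return hashlib.sha256(data).hexdigest()


class CustodyLog:
    """Append-only chain-of-custody log for one evidence item.

    Every entry records who handled the item, what they did, when, and the
    SHA-256 of the evidence at that moment. Each entry also carries the hash
    of the previous entry, so removing, inserting or reordering entries is
    detectable. The field names are an assumption for this example, not a
    standard schema.
    """

    GENESIS = "0" * 64  # prev_entry_hash of the first (collection) entry

    def __init__(self, item_id, evidence: bytes, collected_by, method, timestamp=None):
        self.item_id = item_id
        self.entries = []
        self.record(collected_by, "collected", evidence, method, timestamp)

    def record(self, handler, action, evidence: bytes, note, timestamp=None):
        """Append one custody entry and return it."""
        prev = self.entries[-1]["entry_hash"] if self.entries else self.GENESIS
        entry = {
            "item_id": self.item_id,
            "seq": len(self.entries),
            "timestamp": timestamp or datetime.now(timezone.utc).isoformat(),
            "handler": handler,
            "action": action,
            "evidence_sha256": sha256_hex(evidence),
            "note": note,
            "prev_entry_hash": prev,
        }
        # Hash the canonical JSON of the entry body; this becomes the link
        # the next entry points back to.
        entry["entry_hash"] = sha256_hex(json.dumps(entry, sort_keys=True).encode())
        self.entries.append(entry)
        return entry

    def verify(self, evidence: bytes) -> list:
        """Return a list of problems (empty when the log and evidence check out)."""
        problems = []
        presented = sha256_hex(evidence)
        prev = self.GENESIS
        for i, e in enumerate(self.entries):
            body = {k: v for k, v in e.items() if k != "entry_hash"}
            if sha256_hex(json.dumps(body, sort_keys=True).encode()) != e["entry_hash"]:
                problems.append(f"entry {i}: contents altered after recording")
            if e["prev_entry_hash"] != prev:
                problems.append(f"entry {i}: chain broken (entry missing or reordered)")
            if e["evidence_sha256"] != presented:
                problems.append(f"entry {i}: evidence hash does not match item presented")
            prev = e["entry_hash"]
        return problems


def demo():
    """Constructed walk-through: collect, transfer, then check integrity."""
    evidence = b"constructed sample: bytes of a captured binary"
    log = CustodyLog("ITEM-001", evidence, "analyst A",
                     "acquired from quarantined host (constructed)",
                     timestamp="2021-01-01T00:00:00+00:00")
    log.record("analyst B", "received", evidence,
               "transfer from analyst A", timestamp="2021-01-01T01:00:00+00:00")
    clean = log.verify(evidence)                 # expected: []
    wrong_item = log.verify(evidence + b"x")     # expected: hash mismatches
    return clean, wrong_item


if __name__ == "__main__":
    ok, bad = demo()
    print("intact log:", ok)
    print("wrong evidence presented:", bad)
```

The verify step is what an opposing expert would want to repeat: given the same evidence bytes and the log, it recomputes every hash independently, so the log does not have to be trusted on its own word.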

Doing computer forensics is an art, similar to doing statistical consulting. In both cases, one is looking for a needle in a haystack. Both require a magic touch or talent. Hackers try to hide their exploits, and sometimes they even clean up after themselves. So, capturing and analyzing an exploit is different every time.

Intrepid Net Computing provides custom evidence gathering work.


defendIT (TM). AI-driven security measures derived from security incident data.


© 2015-2021 Intrepid Net Computing. All rights reserved.