Field Guide Part Three

by Timothy Wright
Sept. 19, 2017, Symantec Detection & Response

Previously, in "Overview of a Methodology for the Application of Computer Forensics," we took a high-level tour of a formal, methodical process for investigating computer crime. Our tour consisted of an overview of the two endeavors that make up this process: search and seizure, and information discovery. Along the way, we considered why a formal method for investigating computer crime is truly necessary, and we related our method back to the well-known scientific method. Now we're ready to take the plunge into the gritty details of the search and seizure forensic activity. However, a word of warning is in order: things become reasonably involved from this point on, so try not to get overwhelmed. Keep in mind that the degree of complexity in the search and seizure process can always be scaled back in accordance with an organization's investigation policies.