In Module One, you discussed the relationship between forensics and incident response in an organization. Address the following questions in your initial post:
- If you were to do a postmortem on your experience in this course, in what ways would you change how you initially determined approaching the process of gathering and analyzing evidence?
- If you would not change your approach, why not?
RESPOND TO THE DISCUSSION POST BELOW BASED ON THIS/THESE STATEMENT: “In response to your peers, compare and contrast their experience with your own.”
When responding to your peers, identify key points of their discussion that present significant benefits or challenges to an incident response program. (TWO (2) PARAGRAPHS EACH WITH REFERENCES ON EACH OF THEM SEPARATELY, NOT TOGETHER)
1. Darryl Egb
Professor, I want to thank you for providing an environment and the supporting context that really helped improve my understanding of the cyber forensic process and enhanced my confidence related to being able to manage the resources performing a cyber forensic investigation when the time comes.
For the class, I really enjoyed our virtual interactions. I now venture into my concentration area of IT Management. Hopefully I will be able to cross paths with you somewhere down the road.
In thinking about how my approach to gathering forensic evidence has changed, I think the biggest change is having an appreciation for the need to have documented procedures that are based upon the cyber forensic community’s currently accepted practices. Having spent time as an Air Force cop and having taken the SANS Incident Handler course, I had a strong appreciation for maintaining the chain of custody and having documented procedures. The piece that I was missing was the need to ensure that the documented procedures were in line with the acceptable standards established by the cyber forensic community. Another change, actually I would call it enlightenment, is ensuring that I stay up to date on case law that governs cyber forensic activities. Knowing what makes evidence either admissible or inadmissible in court is critical knowledge that a cyber security manager should have.
2. Mary Rup
Hi Everyone! We made it!
If I were to do a postmortem on my experience in this course, how I would change my approach to digital forensics would be keeping the chain of custody from the start, then following up with laws and regulations that might pertain to the case I was working on. This class has definitely opened my eyes, and with having an undergrad in software development, I may have found a new career path.
I have really enjoyed working with everyone in class! Hope our paths cross again in the future.
3. Anthony Bre
Forensic Analysis Approach
In what ways would you change how you initially determined approaching the process of gathering and analyzing evidence? If you would not change your approach, why not?
Not having any related experience in the field, my initial approach was to identify and reference federal rules of evidence and suggest that being aware of and following those would be a good idea. Having taken this course hasn't changed my opinion in that regard, as I still believe that proving rules of law were followed during the gathering and analyzing of information related to a case is the best way to ensure evidentiary integrity.
If having a digital forensic specialist on staff doesn't fit into an organization's business model, hiring a well-established company or experienced individuals (perhaps those who possess an industry certification, such as the International Information System Security Certification Consortium's (ISC2) Certified Cyber Forensics Professional (CCFP) accreditation) to ensure that evidence-related details are properly managed if an incident occurs would likely be money well spent (Certified Cyber Forensics Professional, 2018).