Unit 8: Malware and Forensics 8.1 Malware and Forensics What Is Digital Forensics?

mac2022-06-30  28

>> When comparing cyber security to digital forensics, it's like talking about before versus after.

A cyber security incident is any illegal, unauthorized, or unacceptable action that involves a computing system or network.

Incidents are breaches of cyber security measures that were put in place before.

Incident response is the forensic examination of systems and networks after they have been attacked.

It also involves taking actions to remediate an ongoing incident, like blocking the attackers and restoring any lost availability as quickly as possible.

Forensic science uses scientific and mathematical processes to analyze physical evidence.

This evidence can be used to inculpate, prove that somebody did something, or exculpate, prove that someone didn't do something, in both civil and criminal cases.

Usually, the investigator will subsequently testify as an expert witness in a court of law.

Digital forensics is a subcategory of forensic science.

It deals with the acquiring and investigating of material found in digital devices, often in relation to computer crime.

With so many devices like phones, tablets and more in great usage today, the term computer forensics just wasn't as accurate as it used to be.

All computing devices fall under the term digital forensics, not just traditional computers.

So, digital forensics is a subcategory of forensic science.

And computer forensics is a subcategory of digital forensics.

There are many other subcategories of digital forensics, like network forensics and mobile data forensics.

In addition to inculpating or exculpating a suspect, digital forensics has a third major purpose: to figure out what happened in a cyber security related attack.

This ensures integrity and future functionality of computer systems and network infrastructures.

It also helps protect a company's reputation, money, and time.

Forensic readiness adds value to your cyber security process.

Evidence for a company's defense can be gathered with minimal disruption to the business.

It's likely to improve your company's position in responding to other security related issues like copyright infringement, fraud, and extortion.

A well-managed process can reduce the cost of internal and external investigations.

It can improve and simplify working with law enforcement agencies.

It could also prepare a company for when major incidents occur, when a more in-depth and well-organized investigation would be needed.

Cyber crime is any illegal activity involving a computing device, its systems, or its applications.

Some examples of cyber crime that a forensic investigation could uncover include fraud through the manipulation of records, spam, circumvention of security controls, unauthorized access or system modification, theft of intellectual property, piracy, rigging systems like the stock market, espionage, and exfiltration of data, identity theft, writing and spreading of malware, denial of service, bandwidth consumption, and the creation and distribution of child pornography.

There are a few different ways computing devices can be part of a forensic investigation.

First, computing devices can be the tool used to commit a crime.

Secondly, when a computing device is hacked, it is the target of a crime.

Thirdly, storage locations on a computing device represent repositories for evidence of a crime.

Reposted from: https://www.cnblogs.com/sec875/articles/10452747.html
