I admit it, cyber security is an exciting topic to me at least. Beign grown up watching movie films like War games and others boosted my interest in computers and eventually I end up working in the field as software developer. This is the first (and hopefully not the last) post in a series about computer forensics, notes I’ve taken from an online class at edX.

The process

  1. Collect
  2. Preserve
  3. Analyze
  4. Report

Data preservation

Evidence must be authentic an unlatered to achieve this goal forensic investigators often use hashing algorithms such as MD5 and SHA to generate hashes from such as files, disk images and any other collected evidence. By logging every step in the evidence collection and the calculated hashes it is possible to prove that evidence hasn’t been tampered.