Computer forensics covers how to collect and maintain evidence, and how to use it for attribution. In your future career, you will use this attribution to establish what happened, how to fix it, and whose fault it was.
This subject comprises about 5% of the 210-255 exam, and is a requirement for catching criminals and bringing about prosecutions. It also allows organizations to attribute blame, which can be important in maintaining compliance with government requirements, as well as maintaining customer confidence.
The following topics will be covered in this chapter:
- Types of evidence
- Maintaining evidential value
- Attribution