About SANS Computer Forensics

About SANS Computer Forensics

Mission Statement

Every organization will eventually deal with cyber-crime. Fraud, intrusion, insider threat, phishing and other cyber-crimes are now a fact of life. If you are an IT or law enforcement professional and don't know how to look for and sort out these cases -- your skills are becoming less valuable every day. SANS developed this site and the related resources to provide a 'home' for those that are focused on computer forensics. You can find advice, research, training, and other resources to unravel incidents and fight crime.

SANS is the most trusted and by far the largest source for information security training and certification in the world. It also develops, maintains, and makes available at no cost, the largest collection of research documents about various aspects of information security.

Why Is Computer Forensics Important?

Proper handling of a forensics investigation is key to fighting back against computer crimes. A thorough understanding of many areas is required for a proper investigation including: situation; acquisition; analysis; reporting; presenting; and certification.

Situation
Incident response teams need to respond to intrusions in addition to e-discovery requests.
Acquisition
Forensics analysts need to gather digital evidence using approved legal and technical methodologies.
Analysis
Forensics analysts need to examine data, extracting key evidence while preserving data integrity.
Reporting
Forensic analysts need to communicate key information with management.
Presenting
Analysts need to be prepared to present evidence in civil or criminal courts.
Certification
Forensic certification increases an analyst's stature in a court of law.

Link To SANS Computer Forensics

For information and graphics to link back to SANS Computer Forensics see:
Instructions on How to Link to SANS Computer Forensics web site