Every organization will eventually deal with cyber-crime. Fraud, intrusion, insider threat, phishing and other cyber-crimes are now a fact of life. If you are an IT or law enforcement professional and don't know how to look for and sort out these cases -- your skills are becoming less valuable every day. SANS developed this site and the related resources to provide a 'home' for those that are focused on computer forensics. You can find advice, research, training, and other resources to unravel incidents and fight crime.
SANS is the most trusted and by far the largest source for information security training and certification in the world. It also develops, maintains, and makes available at no cost, the largest collection of research documents about various aspects of information security.
Why Is Computer Forensics Important?
Proper handling of a forensics investigation is key to fighting back against computer crimes. A thorough understanding of many areas is required for a proper investigation including: situation; acquisition; analysis; reporting; presenting; and certification.
- Incident response teams need to respond to intrusions in addition to e-discovery requests.
- Forensics analysts need to gather digital evidence using approved legal and technical methodologies.
- Forensics analysts need to examine data, extracting key evidence while preserving data integrity.
- Forensic analysts need to communicate key information with management.
- Analysts need to be prepared to present evidence in civil or criminal courts.
- Forensic certification increases an analyst's stature in a court of law.
Link To SANS Computer Forensics
For information and graphics to link back to SANS Computer Forensics see:
Instructions on How to Link to SANS Computer Forensics web site