Understanding types of evidence
As an up-and-coming cybersecurity professional, it's important to understand the various types of evidence that are related to an investigation such as a cyber-crime investigation. In the field of cybersecurity operations, there are three types of evidence that every security professional needs to know about and understand how they are related to a forensic investigation on a compromised system. These types of evidence are outlined here:
- Best evidence: This type of evidence is the original evidence captured from a crime scene by a computer forensics professional. This type of evidence is presented in court during a prosecution. This type of evidence does not require any additional validation to prove itself to a court; it is what it is. An example of best evidence is data that may reside in RAM that is related to the cyber-crime.
- Corroborative evidence: This type of evidence is defined as evidence that supports a theory related to the...