The ThorTeaches CISSP, CISM, and CC blog!


CISSP certification: Evidence for legal and regulatory issues.

    • Types of evidence:
      • Real Evidence: Tangible, physical objects. In IT security: hard disks, USB drives – NOT the data on them.
      • Direct Evidence: Testimony from a first-hand witness, what they experienced with their five senses.
      • Circumstantial Evidence: Evidence that supports the circumstances for a point or for other evidence.
      • Corroborative Evidence: Supports facts or elements of the case; it is not a fact on its own, but supports other facts.
      • Hearsay: Not first-hand knowledge – normally inadmissible in a case.
        • Computer-generated records, and with them log files, were considered hearsay, but case law and updates to the Federal Rules of Evidence have changed that. Rule 803 provides for the admissibility of a record or report that was “made at or near the time by, or from information transmitted by, a person with knowledge, if kept in the course of a regularly conducted business activity, and if it was the regular practice of that business activity to make the memorandum, report, record or data compilation.”
      • Best Evidence Rule – The courts prefer the best evidence possible.
        • Evidence should be accurate, complete, relevant, authentic, and convincing.
      • Secondary Evidence – This is common in cases involving IT.
        • Logs and documents from the systems are considered secondary evidence.
      • Evidence Integrity – It is vital that the evidence’s integrity cannot be questioned.
        • We do this with hashes. Any forensics is done on copies and never on the originals.
        • We check the hash on both the original and the copy before and after the forensics.
      • Chain of Custody – This is done to prove the integrity of the data; that no tampering was done.
        • Who handled it?
        • When did they handle it?
        • What did they do with it?
        • Where did they handle it?
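
The hash checks and chain-of-custody questions above, as an added example that is not part of the original post: it hashes the original and the working copy before and after an examination and logs who, when, what, and where for each step. The file names, analyst ID, lab name, and sample "disk image" bytes are constructed for illustration, and SHA-256 is an assumed choice of hash.

```python
import hashlib
import shutil
import tempfile
from datetime import datetime, timezone
from pathlib import Path


def sha256_file(path, chunk_size=1 << 20):
    """Hash a file in chunks so large disk images do not need to fit in memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as handle:
        for block in iter(lambda: handle.read(chunk_size), b""):
            digest.update(block)
    return digest.hexdigest()


def custody_entry(log, who, what, where, path):
    """Append a who/when/what/where record plus the current hash of the item."""
    log.append({"who": who, "when": datetime.now(timezone.utc).isoformat(),
                "what": what, "where": where, "sha256": sha256_file(path)})
    return log[-1]["sha256"]


def examine_copy(original, copy, examine, log, who, where):
    """Hash original and copy before and after examine(copy); True if all four match."""
    hashes = [custody_entry(log, who, "hashed original before exam", where, original),
              custody_entry(log, who, "hashed copy before exam", where, copy)]
    examine(copy)  # forensics touches only the copy, never the original
    hashes += [custody_entry(log, who, "hashed original after exam", where, original),
               custody_entry(log, who, "hashed copy after exam", where, copy)]
    return len(set(hashes)) == 1


def demo():
    """Run a read-only exam, then one that alters the copy, on constructed data."""
    log = []
    with tempfile.TemporaryDirectory() as tmp:
        original = Path(tmp) / "evidence.img"  # constructed sample, not real evidence
        original.write_bytes(b"constructed sample disk image\n" * 1000)
        copy = Path(tmp) / "working_copy.img"
        shutil.copyfile(original, copy)
        clean = examine_copy(original, copy, lambda p: p.read_bytes(),
                             log, "analyst-1", "lab-A")
        tampered = examine_copy(original, copy, lambda p: p.write_bytes(b"altered"),
                                log, "analyst-1", "lab-A")
    return clean, tampered, log


if __name__ == "__main__":
    clean_ok, tampered_ok, entries = demo()
    print(clean_ok, tampered_ok, len(entries))
```

The second examination writes to the working copy, so its post-exam hash no longer matches and the check fails, while the original's hash stays unchanged throughout.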
