Chapter 7
Analyzing the Remnants of a Computer Security Incident
In this chapter, we will discuss the field of computer forensics. There has been a vast amount of development in the forensics community since the first edition of this book in 2000. However, the fundamental concepts of a forensic investigation are largely the same. We originally subdivided the field into three parts: computer forensics, cyber forensics, and software forensics. The explosion of network activity and network-enabled devices has made it almost impossible to conduct a forensic investigation without gathering data from multiple sources. We are therefore changing our classifications to follow current industry practice more closely, and we propose that the forensic discipline now be divided into these parts: media forensics, network forensics, and software forensics. Within your organization, it is highly likely that your investigation will encompass both what we originally classified as computer forensics (media) and cyber forensics (network). In some instances, it may also include the final part, software forensics. The computer forensics discipline has matured greatly since the first writing of the book, and so have the definitions surrounding the work.