IT-Forensics

The field of study that focuses on collecting and processing data to be used as legal evidence. The goal is to answer the following questions:

• What happend?
• Where did it happen?
• When did it happen?
• How did it happen?
• Who did it? (it was albrecht btw.)

Types of Analysis

• Online: Collecting evidence -- often from volatile memory -- during the runtime of a system
• Post-Mortem: Running analysis on copies of already collected data

Modus Operandi à la Casey