CHAPTer 5 System Forensics Technologies A S EXPLAINED IN CHAPTER 1, "System Forensics Fundamentals," system forensics is the art and science of locating, extracting, analyzing, and protecting data from devices and networks. Specialists interpret this data and use it as legal evidence. The field of system forensics has been a mainstay for law enforcement and military agencies since the mid-1980s. It is relatively new to the private sector but is rapidly growing. This chapter looks at specific types of system forensics technology that specialists in the military, law enforcement, and business use. The analytical techniques are the same for each category. However, the focus of investiga- tions differs, depending on the specifics of the case. Perpetrators have different motives, and their actions have different impacts. Attacks range from trouble- making attempts to theft to attacks that cripple corporations or even govern- ments. Some perpetrators go to great lengths to frustrate a forensic investigation. A forensic investigator must know how to choose and use the most suitable technology for a given case. Chapter 5 Topics This chapter covers the following topics and concepts: · How the military uses system forensics · Which technologies law enforcement agencies use · How businesses use system forensics technologies · Which system forensics tools are commonly used 82