CCNA CyberOps SECOPS – Objective 1.6

Compare and contrast three types of evidence

Implementing Cisco Cybersecurity Operations (210-255)

Best Evidence

Traditionally this term refers to evidence that can be presented in court in its original form. With cybersecurity, most courts will also accept a digital copy if proper procedures are followed.

Corroborating Evidence

Evidence that supports a theory or assumption deduced from initial evidence.

Indirect or Circumstantial Evidence

Evidence that requires extrapolation to support a conclusion of fact. Examples include fingerprints and DNA. Forensic information presented by cybersecurity professionals is often considered indirect.