Investigation, Evidence, and Forensics

Investigation

Investigation: systematic or formal process of inquiring into or researching, and examining facts or materials associated with a matter.
Source: ISO/IEC 27035-3:2020 Information technology — Information security incident management — Part 3: Guidelines for ICT incident response operations

Evidence

Evidence: Grounds for belief or disbelief; data on which to base proof or to establish truth or falsehood.
Note 1: Evidence can be objective or subjective. Evidence is obtained through measurement, the results of analyses, experience, and the observation of behavior over time.
Note 2: The security perspective places focus on credible evidence used to obtain assurance, substantiate trustworthiness, and assess risk.
Source: NIST SP 800-160 Vol. 1

Evidence: information supporting the occurrence of an event or action.
Note 1 to entry: Evidence does not necessarily prove the truth or existence of something but can contribute to the establishment of such a proof.
Source: ISO/IEC 13888-1:2020 Information security — Non-repudiation — Part 1: General

Forensics

Forensics: The practice of gathering, retaining, and analyzing computer-related data for investigative purposes in a manner that maintains the integrity of the data.
Source: CNSSI 4009-2015

Digital forensics: In its strictest connotation, the application of computer science and investigative procedures involving the examination of digital evidence – following proper search authority, chain of custody, validation with mathematics, use of validated tools, repeatability, reporting, and possibly expert testimony.
Source: CNSSI 4009-2015 from DoDD 5505.13E

Forensic science: The use or application of scientific knowledge to a point of law, especially as it applies to the investigation of crime.
Source: NISTIR 8006 from SWGDE v2.0

Forensic copy: An accurate bit-for-bit reproduction of the information contained on an electronic device or associated media, whose validity and integrity has been verified using an accepted algorithm.
Source: CNSSI 4009-2015 from NIST SP 800-72
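The two CNSSI definitions above name the practical requirements of a forensic copy: a bit-for-bit reproduction, integrity verified with an accepted algorithm, and a chain of custody that records what was verified. The following added example (written for this page, not code from CNSSI 4009, NIST SP 800-72 or any forensic tool) shows the procedure end to end in Python: hash the source before touching it, copy it block by block while hashing the stream, hash the written image, record the result in a custody log, and later re-verify the image, including the case where one byte has changed. The "device" is a constructed file, the block size and the log fields are assumptions of the example, and SHA-256 stands in for whatever algorithm your procedure accepts.

```python
import hashlib
import os
import tempfile

# Read/write unit for the copy loop; the size is an assumption of this example.
BLOCK_SIZE = 4096


def hash_file(path, algorithm="sha256"):
    """Hash a file in blocks so a large image never sits in memory at once."""
    h = hashlib.new(algorithm)
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(BLOCK_SIZE), b""):
            h.update(chunk)
    return h.hexdigest()


def acquire(source, image, algorithm="sha256"):
    """Copy `source` to `image` bit for bit, hashing the stream as it is read.

    Returns the acquisition hash (over the bytes read from the source), the
    hash of the written image, and whether the two agree. A mismatch means the
    image cannot be relied on as a forensic copy."""
    h = hashlib.new(algorithm)
    with open(source, "rb") as src, open(image, "wb") as dst:
        for chunk in iter(lambda: src.read(BLOCK_SIZE), b""):
            h.update(chunk)
            dst.write(chunk)
    acquisition_hash = h.hexdigest()
    image_hash = hash_file(image, algorithm)
    return {
        "algorithm": algorithm,
        "acquisition_hash": acquisition_hash,
        "image_hash": image_hash,
        "verified": acquisition_hash == image_hash,
    }


def verify(image, expected_hash, algorithm="sha256"):
    """Re-hash an image later (before analysis, or at a custody hand-off)
    and compare it with the hash recorded at acquisition."""
    return hash_file(image, algorithm) == expected_hash


def demo():
    """Run the whole procedure on a constructed 'device' of 16 KiB of data,
    then corrupt one byte of a copy and confirm that verification catches it."""
    with tempfile.TemporaryDirectory() as workdir:
        device = os.path.join(workdir, "device.raw")
        image = os.path.join(workdir, "device.img")
        tampered = os.path.join(workdir, "device-tampered.img")

        # Constructed sample content standing in for a disk; not real evidence.
        with open(device, "wb") as f:
            f.write(bytes(range(256)) * 64)

        # Hash the source before the copy so the image can be compared to it.
        source_hash = hash_file(device)
        record = acquire(device, image)

        # Custody log entry (assumed fields): in practice it also records who
        # performed the acquisition, when, and with which tool version.
        custody_log = [{"action": "acquired", "image": image, **record}]

        # Simulate later corruption: flip one bit of one byte and re-verify.
        with open(image, "rb") as f:
            data = bytearray(f.read())
        data[1000] ^= 0x01
        with open(tampered, "wb") as f:
            f.write(data)

        return {
            "algorithm": record["algorithm"],
            "source_matches_image": source_hash == record["image_hash"],
            "acquisition_verified": record["verified"],
            "image_still_valid": verify(image, custody_log[0]["image_hash"]),
            "tamper_detected": not verify(tampered, custody_log[0]["image_hash"]),
        }


if __name__ == "__main__":
    print(demo())
```

Three hashes are compared, not one: the source before acquisition, the stream as it was read, and the image as written. If any pair disagrees, the copy is not a forensic copy and the acquisition is repeated rather than explained away. SHA-256 is used here because MD5 has known collision attacks; if a legacy tool still emits MD5, record a SHA-2 hash alongside it.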


  • Investigation: a formal and systematic inquiry, examination, and research undertaken to understand in depth the facts about specific people, events, or things.
  • Evidence: information that can support or prove the occurrence of an event or action, or establish whether an asserted fact is true or false.
  • Forensics: the collection, preservation, and analysis of evidence undertaken for legal and law-enforcement purposes.

A project is a concrete effort to realize a mission, a vision, and a strategy!

Sharing some lessons from many years of project management and work:

A project is a concrete effort to realize a mission, a vision, and a strategy. A sense of mission, foresight and the ability to dream (visioning), a "shared" vision, and a far-sighted strategy are the key points.

This is a world that demands results and judges heroes by success or failure. Project success has objective definitions as well as subjective perceptions. Objective scope, time, and cost targets can be quantified; the qualitative purpose and needs of a project are hard to measure. A project that meets its objective targets but leaves the subjective expectations unsatisfied may still turn out to be wasted effort. A project divides into two parts, getting things done (management) and dealing with people (leadership), each with its own approach and style.

My work lessons from over the years:

  • Keep good intentions and be kind to others
  • Be honest and upright, and pursue success
  • Value results and stay goal-oriented
  • Use the right methods and insist on discipline

Service-Oriented Architecture (SOA), Web Services, and Microservices

Service-Oriented Architecture (SOA)

Service-oriented architecture (SOA) can be realized with web services or with microservices. The web services approach led to SOA, and the microservices architecture extends it. Enterprise application integration (EAI) based on SOA typically implements a shared enterprise service bus (ESB) through which enterprise applications exchange messages. Microservices are instead hosted in one or more containers that collaborate under an orchestrator such as Kubernetes (K8s, originally developed at Google), Docker Swarm, or Apache Mesos.
