Making sure you get the competitive advantage!

Risk is defined in ISO 31000 as the effect of uncertainty on objectives (whether positive or negative). Risk management can therefore be considered the identification, assessment, and prioritization of risks, followed by the coordinated and economical application of resources to minimize, monitor, and control the probability and/or impact of unfortunate events or to maximize the realization of opportunities.

Risk management is simply the practice of systematically selecting cost-effective approaches for minimising the effect of threat realization on the organization.

Risk Management & IT Security

  • Threat and Risk Assessments
  • A Threat and Risk Assessment tries to answer the following questions.

    • What needs to be protected?
    • Who/What are the threats and vulnerabilities?
    • What are the implications if they were damaged or lost?
    • What is the value to the organization?
    • What can be done to minimize exposure to the loss or damage?

    The outcome or objective of a threat and risk assessment is to provide recommendations that maximize the protection of confidentiality, integrity and availability while still providing functionality and usability.

  • Vulnerability Assessments
  • Vulnerabilities in products (bugs in the code!) and information systems (bad design) or changes in the network constitute a potential risk of exposure. A vulnerability assessment is the process of identifying, quantifying, and prioritizing these vulnerabilities before they are exploited by attackers, and it helps to determine adequate security measures.

  • Digital Forensics
  • Digital evidence can be collected from many sources. Obvious sources include computers, cell phones, digital cameras, hard drives, CD-ROMs, USB memory devices, and so on. Non-obvious sources include settings of digital thermometers, black boxes inside automobiles, RFID tags, and web pages (which must be preserved as they are subject to change). The goal of computer forensics is to explain the current state of that digital evidence.

 

© 2009 Big Bear Consulting. All rights reserved.