Data Collection Procedures Flashcards
1
Q
What is Data Acquisition?
A
The methods and tools used to create a forensically sound copy of the data from a source device, such as system memory or a hard disk.
2
Q
What to collect as evidence?
A
- CPU registers and cache memory
- System memory, routing tables, ARP caches, process tables, temporary swap files
- Data on persistent mass storage (HDD/SSD/flash drive)
- Remote logging and monitoring data
- Physical configuration and network topology
- Archival Media
3
Q
A