Data Collection Procedures Flashcards

1
Q

What is Data Acquisition?

A

method and tools used to create forensically sound copy of the data from a source device, such as system memory or hard disk.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
2
Q

What to collect as evidence?

A
  1. CPU registers and cache memory
  2. system memory, routing tables, ARP caches, process tables, temporary swap files
  3. Data on persistent mass storage (HDD/SDD/flash drive
  4. Remote logging and monitoring data
  5. Physical configuration and network topology
  6. Archival Media
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
3
Q
A
How well did you know this?
1
Not at all
2
3
4
5
Perfectly