Digital Forensic Procedures Flashcards
What is Digital Forensics?
Process of investigating and analyzing digital devices and data to uncover evidence for legal purposes.
What are the 4 main phases of Digital Forensics?
- Identification
- Collection
- Analysis
- Reporting
Explain Identification in Digital Forensics
Ensuring the safety of the scene, securing it to prevent any evidence contamination, and determining the scope of the evidence to be collected.
Explain Collection in Digital Forensics
Refers to the process of gathering, preserving, and documenting physical or digital evidence in various fields.
What is Order of Volatility?
Dictates the sequence in which data sources should be collected and preserved based on their susceptibility to modification or loss.
What is the Chain of Custody?
Documented and verifiable record that tracks the handling, transfer, and preservation of digital evidence from the moment that it’s collected until it is presented in a court of law.
What is Disk Imaging?
Involves creating a bit-by-bit or logical copy of a storage device, preserving its entire content, including deleted files and unallocated space.
What is File Carving?
Focuses on extracting files and data fragments from storage media without relying on the file system.
Explain Analysis in Digital Forensics
Systematically scrutinizing the data to uncover relevant information, such as potential signs of criminal activity, hidden files, timestamps, and user interactions.
Explain Reporting in Digital Forensics
Involves documenting the findings, processes, and methodologies used during a digital forensic investigation.
What is Legal Hold?
Formal notification that instructs employees to preserve all potentially relevant electronic data, documents, and records.