Digital Forensic Procedures

Question 1

What is Digital Forensics?

Answer 1

process of investigating and analyzing digital devices and data to uncover evidence for legal purposes

Question 2

What are the 4 main phases of Digital Forensics?

Answer 2

1. Identification
2. Collection
3. Analysis
4. Reporting

Question 3

Explain Identification in Digital Forensics

Answer 3

ensuring the safety of the scene, securing it to prevent any evidence contamination, and determining the scope of the evidence to be collected.

Question 4

Explain Collection in Digital Forensics

Answer 4

Refers to the process of gathering, preserving, and documenting physical or digital evidence in various fields

Question 5

What is Order of Volatility?

Answer 5

dictates the sequence in which data sources should be collected and preserved based on their susceptibility to modification or loss

Question 6

What is the Chain of Custody?

Answer 6

documented and verifiable record that tracks the handling, transfer, and preservation of digital evidence from the moment that it’s collected until it is presented in a court of law.

Question 7

What is Disk Imaging?

Answer 7

involves creating a bit-by-bit or logical copy of a storage device, preserving its entire content, including deleted files and unallocated space

Question 8

What is File Carving?

Answer 8

focuses on extracting files and data fragments from storage media without relying on the file system.

Question 9

Explain Analysis in Digital Forensics

Answer 9

systematically scrutinizing the data to uncover relevant information, such as potential signs of criminal activity, hidden files, timestamps, and user interactions

Question 10

Explain Reporting in Digital Forensics

Answer 10

Involves documenting the findings, processes and methodologies used during a digital forensic investigation

Question 11

What is Legal Hold?

Answer 11

formal notification that instructs employees to preserve all potentially relevant electronic data, documents, and records.