Forensics Flashcards
What is digital forensics?
The process of identifying, preserving, analyzing, and presenting digital evidence for use in investigations.
What is the first step in a digital forensics investigation?
Preservation—securing and isolating digital evidence to prevent tampering or loss.
What is chain of custody?
A documented trail that shows the control, transfer, and analysis of digital evidence from collection to presentation in court.
What are the main types of digital forensics?
Computer forensics, mobile forensics, network forensics, and cloud forensics.
What is a hash function in digital forensics?
A cryptographic algorithm used to create a unique digital fingerprint of a file to ensure its integrity.
What is live forensics?
The process of collecting digital evidence from a system that is still running.
What is volatile data?
Information stored in RAM that is lost when a computer is powered off.
What is file carving in digital forensics?
The technique of recovering deleted or corrupted files from a hard drive based on file signatures.
What is a forensic image?
An exact bit-by-bit copy of a storage device, created to preserve the original evidence for analysis.
What is the role of EnCase in digital forensics?
EnCase is a popular digital forensics tool used to collect and analyze evidence from various digital devices.
What is network forensics?
The process of capturing, analyzing, and investigating network traffic to uncover cybercrimes.
What is a forensic report?
A formal document summarizing the findings, methods, and conclusions of a digital forensics investigation.
