Week 3 - Types of Evidence Flashcards
What are common types of evidence?
System logs
Application logs/cache files/history
Metadata (system and application)
Digital artifacts (tell-tale signs from applications)
Temporary data (system and application)
What are system logs?
They are the system's logs of events that happened on that system. They give insight into what has happened at the system level. They can include information from system databases, and are commonly used to identify user logins and related activity.
What are application logs?
They are logs of the events and activities that have occurred in an application. They are used to find out what happened when a certain application was used. An example is internet browsing history.
What are the two types of metadata?
System based
Application based
What is system based metadata?
Data created by the system that details file creation, modifications, file size, permissions, owner, etc. for each file.
What is application based metadata?
Data associated with specific application files, which normally includes data on the author and the last-modified-by user. An example is Microsoft Word files.
What are digital application artifacts?
Residual files that are left after running applications that detail the usage of that application during that session.
What is temporary data?
These files are created during the execution of certain processes for the process to use and store temporary data needed for that execution. These files are ‘cleaned’ or deleted after the process has finished executing.
What is a trace?
Data left behind during the use of digital devices that can give insight into the events that transpired. E.g. a log of a transaction, browser history. It can be used as digital evidence.