From the course: CompTIA Security+ (SY0-601) Cert Prep: 9 Operations and Incident Response
System and file forensics
- [Instructor] Digital evidence often comes from computers, mobile devices and digital media that store information required by investigators. That's where forensic investigators use system and file forensic techniques to collect and preserve their digital evidence. Now remember, the first rule of evidence collection is that investigators must never take any action that alters the evidence itself, and may lead to misinterpretation. When it comes to systems and files, forensic investigators preserve this principle by never working with the actual physical evidence, unless absolutely necessary. They do this by creating copies or images of the physical evidence, and then using those images for forensic analysis. When a forensic analyst creates an image of a hard drive or other media, they must connect the device to the drive and then use that device to copy off the data stored on the drive. Whenever a drive is connected to…
Contents
- Conducting investigations (3m 50s)
- Evidence types (3m 28s)
- Introduction to forensics (3m 21s)
- System and file forensics (4m 26s)
- File carving (3m 46s)
- Creating forensic images (5m 30s)
- Digital forensics toolkit (2m 25s)
- Operating system analysis (6m 9s)
- Password forensics (7m 16s)
- Network forensics (4m 1s)
- Software forensics (4m 25s)
- Mobile device forensics (1m 10s)
- Embedded device forensics (2m 30s)
- Chain of custody (1m 50s)
- Ediscovery and evidence production (3m 3s)
- Exploitation frameworks (6m 4s)