From the course: CompTIA Security+ (SY0-601) Cert Prep: 9 Operations and Incident Response

Unlock the full course today

Join today to access over 22,500 courses taught by industry experts or purchase this course individually.

System and file forensics

System and file forensics

From the course: CompTIA Security+ (SY0-601) Cert Prep: 9 Operations and Incident Response

Start my 1-month free trial

System and file forensics

- [Instructor] Digital evidence often comes from computers, mobile devices and digital media that store information required by investigators. That's where forensic investigators use system and file forensic techniques to collect and preserve their digital evidence. Now remember, the first rule of evidence collection is that investigators must never take any action that alters the evidence itself, and may lead to misinterpretation. When it comes to systems and files, forensic investigators preserve this principle by never working with the actual physical evidence, unless absolutely necessary. They do this by creating copies or images of the physical evidence, and then using those images for forensic analysis. When a forensic analyst creates an image of a hard drive or other media, they must connect the device to the drive and then use that device to copy off the data stored on the drive. Whenever a drive is connected to…

Contents