From the course: CompTIA CySA+ (CS0-002) Cert Prep: 6 Incident Response
System and file forensics
- [Instructor] Digital evidence often comes from computers, mobile devices, and digital media that store the information required by investigators. That's where forensic investigators use system and file forensics techniques to collect and preserve digital evidence. Remember that the first rule of evidence collection is that investigators must never take any action that alters the evidence itself and may lead to the misinterpretation of that evidence. When it comes to systems and files, forensic investigators preserve this principle by never working with the actual physical evidence unless absolutely necessary. Investigators do this by creating copies, or images, of the physical evidence and then using those images for forensic analysis. When a forensic analyst creates an image of a hard drive or other media, the analyst must connect a device to the drive and use that device to copy off the data stored on the media.…
Contents
- Conducting investigations (5m 7s)
- Evidence types (3m 51s)
- Introduction to forensics (4m 6s)
- System and file forensics (4m 17s)
- File carving (3m 1s)
- Creating forensic images (5m 36s)
- Digital forensics toolkit (3m 13s)
- Operating system analysis (6m 25s)
- Password forensics (8m 9s)
- Network forensics (4m 50s)
- Software forensics (3m 32s)
- Mobile device forensics (1m 32s)
- Embedded device forensics (2m 50s)
- Chain of custody (2m 13s)
- Ediscovery and evidence production (3m 15s)