From the course: CompTIA CySA+ (CS0-002) Cert Prep: 6 Incident Response

System and file forensics

- [Instructor] Digital evidence often comes from computers, mobile devices, and digital media that store the information required by investigators. That's where forensic investigators use system and file forensics techniques to collect and preserve digital evidence. Remember that the first rule of evidence collection is that investigators must never take any action that alters the evidence itself and may lead to the misinterpretation of that evidence. When it comes to systems and files, forensic investigators preserve this principle by never working with the actual physical evidence unless absolutely necessary. Investigators do this by creating copies, or images, of the physical evidence and then using those images for forensic analysis. When a forensic analyst creates an image of a hard drive or other media, the analyst must connect a device to the drive and use that device to copy off the data stored on the media.…
