Term
What are the 8 steps associated with Forensic Methodology (508.1 pg. 25)? |
|
Definition
First, verify an incident has occurred. Second, provide an in-depth description of the system (26). Third, evidence collection (27). Fourth, obtain a timeline of the entire system (28). Fifth, analyze the media (30). Sixth, String/Keyword Search (32). Seventh, data recovery (33). Finally, reporting (34). |
|
|
Term
What is a System Description as it pertains to DFS? |
|
Definition
Information about the machine that would be used in an investigation. |
|
|
Term
What are common, and important, examples of items retrieved during Evidence Collection? |
|
Definition
Forensic Images, pertinent data, and other volatile data. |
|
|
Term
What is useful Timeline Analysis information? |
|
Definition
File timeline analysis: Windows Artifact Updates (OS was installed), Registry Last Write Times (last time system was used), Windows File System Updates (major updates were performed). |
|
|
Term
What is Media Analysis, and what is it conducted on: the original or a copy? |
|
Definition
The static investigation of the copies of the original evidence collected from the system. |
|
|
Term
What is a String/Keyword Search? |
|
Definition
A method of finding specific data in evidence quickly. |
|
|
Term
|
Definition
Recovering deleted files, images, and emails. File fragments and unrecoverable data are also included. |
|
|
Term
What constitutes good Reporting? |
|
Definition
Clearly explains the evidence found and the techniques used, and defines everything that is technical. It is written so that people understand the process of the investigation. |
|
|