Digital evidence often comes from computers, mobile devices, and digital media that store information required by investigators. That's where forensic investigators use system and file forensics techniques to collect and preserve digital evidence. In this video, learn about system and file forensics, including building images of systems, hashing files, taking screenshots, and conducting media forensics.
- [Narrator] Digital evidence often comes…from computers, mobile devices,…and digital media that stores information…required by investigators.…That's where forensic investigators…use system and file forensic techniques…to collect and preserve digital evidence.…Remember that the first rule of evidence collection…is that investigators must never take any action…that alters the evidence itself…and may lead to misinterpretation.…When it comes to systems and files,…forensic investigators preserve this principle…by never working with the actual physical evidence…unless absolutely necessary.…
It's the equivalent of preserving the scene of the crime.…They do this by creating copies or images…of the physical evidence and then using those images…for digital forensic analysis.…When a forensic analyst creates an image…of a hard drive or other media,…the analyst must connect a device to the drive…and use that device to copy off…the data stored on the device.…Whenever a device is connected to a system,…there is always the risk that the analysis process…
- Building an incident response program
- Escalation and notification
- eDiscovery process
- Conducting investigations
- System and file forensics
- Reporting and documenting incidents
- Business continuity planning
- Validating backups
- Testing BC/DR plans
Skill Level Intermediate
Q: This course was updated on 06/01/2018. What changed?
A: We updated three videos, covering creating an incident response program, communications plan, and response team.