Digital evidence often comes from computers, mobile devices, and digital media that store information required by investigators. That's where forensic investigators use system and file forensics techniques to collect and preserve digital evidence. In this video, learn about system and file forensics, including building images of systems, hashing files, taking screenshots, and conducting media forensics.
- [Instructor] Digital evidence often comes…from computers, mobile devices, and digital media…that store the information required by investigators.…That's where forensic investigators use system…and file forensics techniques to collect…and preserve digital evidence.…Remember that the first rule of evidence collection…is that investigators must never take any action…that alters the evidence itself and may lead to the…misinterpretation of that evidence.…When it comes to systems and files, forensic investigators…preserve this principle by never working with the…actual physical evidence unless absolutely necessary.…
Investigators do this by creating copies, or images,…of the physical evidence and then using those images…for forensic analysis.…When a forensic analyst creates an image of a hard drive…or other media, the analyst must connect a device…to the drive and use that device…to copy off the data stored on the media.…Whenever media is connected to a system,…there is always the risk that the analysis process…
Find the companion study books at the Sybex test prep site and review the complete CISSP Body of Knowledge at https://www.isc2.org/cissp-domains/default.aspx.
- Conducting investigations
- Reporting and documenting incidents
- Continuous security monitoring
- Preventing data loss and theft
- Asset management
- Change management
- Virtualization security
- Security principles: need to know, separation of duties, and more
- Building an incident response program
- Personnel safety and emergency management
Skill Level Intermediate
Insights from a Cybersecurity Professionalwith Mike Chapple32m 15s Intermediate
1. Investigations and Forensics
2. Logging and Monitoring
Data loss prevention6m 34s
3. Resource Security
4. Security Principles
5. Incident Management
6. Personnel Safety
- Mark as unwatched
- Mark all as unwatched
Are you sure you want to mark all the videos in this course as unwatched?
This will not affect your course history, your reports, or your certificates of completion for this course.Cancel
Take notes with your new membership!
Type in the entry box, then click Enter to save your note.
1:30Press on any video thumbnail to jump immediately to the timecode shown.
Notes are saved with you account but can also be exported as plain text, MS Word, PDF, Google Doc, or Evernote.