- [Instructor] Digital evidence often comes from computers, mobile devices, and digital media that store the information required by investigators. That's where forensic investigators use system and file forensics techniques to collect and preserve digital evidence. Remember that the first rule of evidence collection is that investigators must never take any action that alters the evidence itself and may lead to the misinterpretation of that evidence. When it comes to systems and files, forensic investigators preserve this principle by never working with the actual physical evidence unless absolutely necessary.
Investigators do this by creating copies or images of the physical evidence, and then using those images for forensic analysis. When a forensic analyst creates an image of a hard drive or other media, the analyst must connect a device to the drive and use that device to copy off the data stored on the media. Whenever media is connected to a system, there is always the risk that the analysis process will inadvertently write data to the media.
Released 11/27/2018
- Creating an incident response team
- Classifying incidents
- Building an incident response program
- Identifying symptoms of incidents
- Conducting forensic investigations
- Logging and monitoring
Skill Level Intermediate
Video: System and file forensics