GLOSSARY

burden of proof A term that defines how much evidence is needed to prove a case. In criminal cases, the burden is “beyond a reasonable doubt”; in civil cases, it is “by a preponderance of the evidence.”

capture point The point in time at which evidence is seized.

chain of custody The complete documentation of the path evidence takes from the moment of seizure to presentation at trial.

cluster A cluster is a logical grouping of sectors. Clusters can be 1 sector in size to 128 sectors. That means 512B up to 64KB. The minimum size a file can use is one cluster. If the file is less than the size of a cluster, the remaining space is simply unused.

Daubert standard In laymen’s terms, the Daubert standard is that you should only use tests, ...

Get CCFP Certified Cyber Forensics Professional All-in-One Exam Guide now with O’Reilly online learning.

O’Reilly members experience live online training, plus books, videos, and digital content from 200+ publishers.