The digital forensic process

Much like the incident response process, the digital forensic process defines the flow of digital evidence related to an incident, from when it is first identified to when it is presented either to senior leadership or to a trier of fact such as a civil or criminal court. A number of schemas define this process and, for the most part, they follow a similar path. In this case, we will be utilizing the Digital Forensics Research Workshop (DFRWS) Digital Investigation Framework. This framework contains six elements:

  1. Identification.
  2. Preservation.
  3. Collection.
  4. Examination.
  5. Analysis.
  6. Presentation.

From an incident response standpoint, will not normally seize network components or critical ...
