July 2017
Beginner to intermediate
324 pages
7h 48m
English
Content preview from Digital Forensics and Incident Response
Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
Start your free trial
Keyword Searches
One key advantage that forensic applications have is the ability to perform keyword searches. This is especially advantageous as disk drives have gotten larger and analysts would have to parse through an overwhelming quantity of data. Keywords are often derived from other elements of the investigation, or by using external sources. For example, if an analyst is investigating a malware incident, they may use a suspicious DLL or executable name from the analysis of the memory image.In other instances, such as a malicious insider being suspected of accessing confidential information, keywords in those documents, such as secret or confidential, can be used to see if the suspect had used the system to access those files.
Autopsy ...