Recovering Data
Much of the evidence a forensic investigator collects is stored as digital files on storage media. The general process of engaging in investigative activities to find and recover digital data for evidence is called e-discovery, or electronic discovery. E-discovery is an iterative process of examining storage media, searching for items of interest, identifying likely items that may have value as evidence, and then recovering those items. While some data may remain intact and readily visible to common tools, some data may have been deliberately deleted or be stored on damaged media. Part of a digital forensic investigator’s activities involves identifying and recovering data that is not easily accessible, for which the common term ...
Get Fundamentals of Information Systems Security, 4th Edition now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.
