Data Analysis Techniques
Forensic analysis is not like baking a cake, but there are some similarities. Baking a cake is easier if you locate and organize all the ingredients first. If you set your egg, frosting, butter, flour, and all the other ingredients listed on the recipe on the countertop before you begin, you are likely to bake a better cake in a shorter period of time. This same principle lends itself to computer forensics. If you concentrate on the extraction of data prior to any interpretation, it often fosters a much more thorough, complete forensic analysis. It may also save time.
In this chapter, we discuss how to locate and organize all of the pieces of computer media and assemble them before you begin any interpretation ...

Get Incident Response & Computer Forensics, 2nd Ed., 2nd Edition now with O’Reilly online learning.

O’Reilly members experience live online training, plus books, videos, and digital content from 200+ publishers.