Chapter 5: Computer Investigation Process

Being a digital forensic examiner requires you to have a plan to conduct the investigation. For instance, there is the kitchen sink approach – where the person requesting the examination states, I want it all. However, this is not practical when the smallest drive from a system might contain hundreds of thousands of pages or events. While the kitchen sink approach is a plan, it may not be the most efficient.

In reality, your search method will depend on the crime you are investigating, and whether there are limitations to the scope of the search. In some investigations, the judicial authority may restrict an investigator's access to digital evidence to only email messages, or you may be limited to a ...

Get Learn Computer Forensics now with the O’Reilly learning platform.

O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.

Start your free trial

Learn Computer Forensics by William Oettinger

Chapter 5: Computer Investigation Process

Don’t leave empty-handed

It’s yours, free.

Check it out now on O’Reilly