Forensic Methodologies
You will learn very specific techniques for computer forensics; however, it is important that you have a general framework for approaching forensics. This section examines general principles and specific methodologies you can apply to your own forensic investigations. First, here are some basic principles to consider.
Handle Original Data as Little as Possible
A forensic specialist should touch the original data as little as possible. Instead, information should be copied prior to examination. This means that the first step in any investigation is to make a copy of the suspected storage device. In the case of computer hard drives, you make a complete copy. That means a bit-level copy. Tools like EnCase, Forensic Toolkit, ...
Get System Forensics, Investigation, and Response, 3rd Edition now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.
