Please enable JavaScript.
Coggle requires JavaScript to display documents.
Chapter 12: Digital Forensics - Coggle Diagram
Chapter 12: Digital Forensics
Introduction to Digital Forensics
Understanding Digital Forensics
Documentary Evidence
Testimonial Evidence
Real Evidence
Demonstrative Evidence
Knowledge That is Needed for Forensic Analysis
Storage Devices
Operating Systems
File Systems
Networks
Software
Computer Memory
Hardware
Overview of Computer Crime
Instrument
Repository
Target
Types of Computer Crime
The Impact of Computer Crime on Forensics
Forensic Methods and Labs
Forensic Methodologies
Consider data volatility
U.S. Department of Defense Forensic Standards
Develop an analysis plan first
Digital Forensic Research Workshop Framework
Do not exceed your knowledge
Scientific Working Group on Digital Evidence Framework
Enforce the rules of evidence
Event-Based Digital Forensic Investigation Framework
Minimize original data handling
Setting Up a Forensic Lab
OSForensics
Kali Linux
Forensic Toolkit
Helix
EnCase
AnaDisk Disk Analysis Tool
WinHex
The Sleuth Kit
memdump
Eric Zimmerman Tools
dd
Kroll Artifact Parser and Extractor (KAPE)
Collecting, Seizing, and Protecting Evidence
The Importance of Proper Evidence Handling
Admissibility
Acquisition
Legal Hold
Chain of Custody
Provenance
Time Stamps
Time Offset
Preservation
Hash Function
Imaging Original Evidence
Recovering Data
Undeleting Data
Recovering Data From Damaged Media
Operating System Forensics
Internals and Storage
Command-Line Interface and Scripting
Mobile Forensics
Mobile Device Evidence
Seizing Evidence from a Mobile Device
Oxygen Forensic Detective
Elcomsoft Mobile Forensic Bundle
Susteen Secure View
Cellebrite UFED
MOBILedit Forensic Express
Belkasoft Evidence Center
MSAB XRY