Monday, June 18, 2012

Forensic Process Lifecycle


Forensic lifecycle - DRAFT. This is not meant to include every step or technique; it is meant to provide a basic framework for teaching purposes. Feel free to comment below. (If the PDF does not display correctly, you can view it directly here.)

5 comments:

Anonymous Tuesday, 19 June, 2012  

Similar to my research project. Great Minds.

JL Tuesday, 19 June, 2012  

I'd also add Volatility to the RAM analysis section :-)

Yogesh Khatri Friday, 22 June, 2012  

Don't forget the Shell bags.

And welcome back, Lance!
- Yogesh Khatri

Lance Mueller Saturday, 23 June, 2012  

Yogesh - Great to hear from you and excellent suggestion.

Richard Bunnell Thursday, 19 July, 2012  

Your PDF is excellent as far as it goes. I think there are other steps. Preservation of evidence (how do you store it), validating of tools (hardware and software - write blockers, archiving programs), and secure archiving (where can this be stored to prevent contamination or destruction) to mention a few that come to mind.
One must be able to go back to the evidence and validate its integrity months or years after the initial exam.
Also the forensic lifestyle involves repetitive processes that can be described in a court of law sometime in the future.
