Forensic lifecycle - DRAFT. This is not meant to be inclusive of every step or technique, but it is meant to provide a basic framework for teaching purposes.
Feel free to comment below.
(If the PDF does not display correctly, you can view it directly here.)
5 comments:
Similar to my research project. Great Minds.
I'd also add Volatility to the RAM analysis section :-)
Don't forget the Shell bags.
and welcome back Lance!
- Yogesh Khatri
Yogesh - Great to hear from you and excellent suggestion.
Your PDF is excellent as far as it goes. I think there are other steps. Preservation of evidence (how do you store it), validating of tools (hardware and software - write blockers, archiving programs), and secure archiving (where can this be stored to prevent contamination or destruction) to mention a few that come to mind.
One must be able to go back to the evidence and validate its integrity months or years after the initial exam.
Also the forensic lifestyle involves repetitive processes that can be described in a court of law sometime in the future.