Presentation on theme: "Guide to Computer Forensics and Investigations Fourth Edition"
Presentation transcript:
1 Guide to Computer Forensics and Investigations Fourth Edition
2 Guide to Computer Forensics and Investigations
3 Introducing Data Acquisition
4 Introducing Data Acquisition (Cont.)
5 Introducing Data Acquisition (Cont.)
6 Introducing Data Acquisition (Cont.)
7 Introducing Data Acquisition (Cont.)
8 Understanding Storage Formats for Digital Evidence
9 Understanding Storage Formats for Digital Evidence (Cont.)
10 Understanding Storage Formats for Digital Evidence (Cont.)
11 Understanding Storage Formats for Digital Evidence (Cont.)
12 Understanding Storage Formats for Digital Evidence (Cont.)
13 Determining the Best Acquisition Method
14 Determining the Best Acquisition Method (Cont.)
15 Determining the Best Acquisition Method (Cont.)
16 Track Geometry of a Hard Drive Sector Allocated Unit sizes
17 Determining the Best Acquisition Method (Cont.)
18 Determining the Best Acquisition Method (Cont.)
19 Determining the Best Acquisition Method (Cont.)
20 Contingency Planning for Image Acquisitions
21 Validating Data Acquisitions
22 Validating Data Acquisitions (Cont.)
23 Guide to Computer Forensics and Investigations

What type of acquisition is typically done on a computer seized during a police raid?
Forensics MT MC3.

What is static acquisition in computer forensics?
Static acquisition: a data acquisition method used when a suspect drive is write-protected and can't be altered. If disk evidence is preserved correctly, static acquisitions are repeatable.
Whole disk encryption: an encryption technique that performs a sector-by-sector encryption of an entire drive.

Which acquisition method captures only specific files and collects fragments of unallocated data?
Sparse acquisition is similar to logical acquisition. Through this method, investigators can collect fragments of unallocated (deleted) data.

What is the live acquisition method?
Live data acquisition is the process of extracting volatile information present in the registries, cache, and RAM of digital devices through their normal interface. The volatile information is dynamic in nature and changes with time; therefore, investigators should collect the data in real time.