Chapter 5

Use Cases

Abstract

This chapter provides insight into the digital evidence that might be available during various cyber investigations and a sampling of the methods that exist to collect it. Evidence triage is a multifaceted process that consists of the evidence collected, the order in which it is collected, and the methodologies used to collect it, all of which can affect the overall integrity, availability, and admissibility of the evidence. This chapter examines a selection of these methodologies, offers insight into potential concerns and considerations, and presents scenarios that highlight a potential order of operations for evidence collection.

Keywords

Acquisition; Event log; File listing; Insider; Locard’s principle; Logged ...

Get Executing Windows Command Line Investigations now with the O’Reilly learning platform.