What investigative questions is a live data collection likely to help answer?

Subject: Digital Forensics

Topic: Initial response and forensic duplication

Difficulty: High

1 Answer

Potentially, a live collection may answer the majority of questions you may have during the initial stages of an investigation. It depends on the level of detail that you collect during a live response.

A small collection consisting of

• users,
• processes,
• select registry keys, and
• network state

can help you determine if there are signs of malicious activity. A comprehensive collection that includes data sources such as browsing history and the NTFS master file table can reveal far more.

Naturally, there are reasons for and against voluminous collections.
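A small collection covering the four sources listed in the answer, as an added PowerShell example that is not part of the original answer. The output path, the file names, the `Save-Artifact` helper and the choice of the Run/RunOnce keys as the "select registry keys" are assumptions.

```powershell
# Added example: small live-response collection. Run from an elevated prompt.
# Assumption: output goes to external media (E:\LR), not the system under investigation.
param([string]$OutDir = "E:\LR\$env:COMPUTERNAME-$(Get-Date -Format 'yyyyMMdd-HHmmss')")

$ErrorActionPreference = 'Stop'          # make collector failures catchable
New-Item -ItemType Directory -Path $OutDir -Force | Out-Null
"host=$env:COMPUTERNAME collected_utc=$((Get-Date).ToUniversalTime().ToString('o'))" |
    Set-Content (Join-Path $OutDir 'collection_info.txt')

# Hypothetical helper: run one collector, write its output as CSV, log any failure.
function Save-Artifact {
    param([string]$Name, [scriptblock]$Collector)
    try {
        & $Collector | Export-Csv (Join-Path $OutDir "$Name.csv") -NoTypeInformation -Encoding UTF8
    } catch {
        # A partial collection is still useful, so record the error and continue.
        "$Name failed: $($_.Exception.Message)" | Add-Content (Join-Path $OutDir 'errors.txt')
    }
}

# Users: local accounts and current logon sessions
Save-Artifact 'users_local'    { Get-LocalUser | Select-Object Name, Enabled, LastLogon, PasswordLastSet, SID }
Save-Artifact 'users_sessions' { Get-CimInstance Win32_LogonSession |
    Select-Object LogonId, LogonType, StartTime, AuthenticationPackage }

# Processes: parent PID, image path and command line give the context needed for triage
Save-Artifact 'processes' { Get-CimInstance Win32_Process |
    Select-Object ProcessId, ParentProcessId, Name, ExecutablePath, CommandLine, CreationDate }

# Select registry keys: autorun entries (this key selection is an assumption)
$runKeys = 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
           'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
           'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
           'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce'
Save-Artifact 'registry_run' {
    foreach ($key in $runKeys) {
        if (-not (Test-Path $key)) { continue }
        $item = Get-Item $key
        foreach ($valueName in $item.GetValueNames()) {
            [pscustomobject]@{ Key = $key; Name = $valueName; Value = $item.GetValue($valueName) }
        }
    }
}

# Network state: TCP connections with owning PID, plus the DNS client cache
Save-Artifact 'net_tcp' { Get-NetTCPConnection |
    Select-Object LocalAddress, LocalPort, RemoteAddress, RemotePort, State, OwningProcess }
Save-Artifact 'net_dns_cache' { Get-DnsClientCache | Select-Object Entry, Name, Type, TimeToLive, Data }

# Hash every output file so later changes to the collection are detectable
$hashes = Get-ChildItem $OutDir -File | Get-FileHash -Algorithm SHA256
$hashes | Select-Object Hash, Path | Export-Csv (Join-Path $OutDir 'manifest.csv') -NoTypeInformation
```

The `OwningProcess` column in `net_tcp.csv` joins to `ProcessId` in `processes.csv`, which ties each connection to an image path and command line.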
