Difference between revisions of "Techniques"

From Forensics Wiki
(Locard's exchange principle.)
m
Line 5: Line 5:
 
* [[Data Reduction]] - By eliminating information that doesn't matter, an investigator is left with information that does matter.
 
* [[Data Reduction]] - By eliminating information that doesn't matter, an investigator is left with information that does matter.
 
* [[Locard's exchange principle]]
 
* [[Locard's exchange principle]]
 +
 +
==Guidelines==
 +
* [http://www.faqs.org/rfcs/rfc3227.html RFC 3227], "Guidelines for Evidence Collection and Archiving," D. Brezinski and T. Killalea, February 2002.
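Review bot: The new RFC 3227 entry under ==Guidelines== links to a third-party mirror (faqs.org) rather than the RFC Editor's copy, so the reference depends on that mirror staying available and unmodified. Consider pointing the link at the RFC Editor's publication of RFC 3227. The entry also carries no annotation, unlike the [[Data Reduction]] item above it, so a short description after the citation of what the RFC covers would match the list style of the Techniques section.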

Revision as of 10:39, 30 April 2006

Although the techniques used in computer forensic investigations are limited only by an investigator's imagination, here are some guidelines on tried-and-true methodologies.

Techniques

Guidelines

  • RFC 3227, "Guidelines for Evidence Collection and Archiving," D. Brezinski and T. Killalea, February 2002.