Difference between revisions of "Techniques"

From ForensicsWiki
Jump to: navigation, search
(Locard's exchange principle.)
m (wow. Didn't raelize that RFC #### was special in mediawiki)
 
(One intermediate revision by the same user not shown)
Line 5: Line 5:
 
* [[Data Reduction]] - By eliminating information that doesn't matter, an investigator is left with information that does matter.
 
* [[Data Reduction]] - By eliminating information that doesn't matter, an investigator is left with information that does matter.
 
* [[Locard's exchange principle]]
 
* [[Locard's exchange principle]]
 +
 +
==Guidelines==
 +
* RFC 3227, "Guidelines for Evidence Collection and Archiving," D. Brezinski and T. Killalea, February 2002.

Latest revision as of 11:40, 30 April 2006

Although the techniques for investigating computer forensics are limited only by an investigator's imagination, here are some guidelines on tried and true methodologies.

Techniques

Guidelines

  • RFC 3227, "Guidelines for Evidence Collection and Archiving," D. Brezinski and T. Killalea, February 2002.