Examining the structure and contents of file systems on storage devices to gather evidence for investigations.

Analyzing network traffic for evidence

Recovering lost passwords from social media accounts

Decrypting encrypted files without authorization

Network forensics is irrelevant in cyber investigations

Network forensics is important in cyber investigations to analyze network traffic and logs for evidence of malicious activities, security breaches, or unauthorized access.

Network forensics only focuses on legal aspects in cyber investigations

Network forensics can be replaced by traditional investigation methods in cyber investigations

Memory Forensics is used to analyze non-volatile memory for extracting information

Memory Forensics is only used for analyzing network traffic

Memory Forensics is used in forensic investigations to analyze volatile memory (RAM) for extracting valuable information related to security incidents and uncovering hidden artifacts that traditional disk-based forensics may miss.

Memory Forensics is not relevant in forensic investigations

Prevention, Analysis, Resolution, Backup, Assessment, Reporting

Detection, Isolation, Elimination, Restoration, Evaluation, Documentation

Assessment, Isolation, Resolution, Backup, Evaluation, Documentation

Preparation, Identification, Containment, Eradication, Recovery, Lessons Learned

EnCase Forensic, FTK (Forensic Toolkit), Sleuth Kit

Autopsy

X-Ways Forensics

Cellebrite

File System Analysis recovers files by guessing the content of the deleted files

File System Analysis recovers files by creating duplicates of the deleted files

File System Analysis helps in recovering deleted files by examining the file system metadata and structures to identify remnants of the deleted files.

File System Analysis relies on magic to recover deleted files

The key differences between live network forensics and post-mortem network forensics are the real-time analysis of network traffic vs. analyzing stored data after an incident, and the need for specialized tools for live forensics vs. relying on preserved data for post-mortem forensics.

Post-mortem network forensics requires real-time analysis

Live network forensics is done after an incident

Live forensics relies on preserved data