Chapter 5

Incident response 

-The immediate response to an incident 

-How do you respond to it

Digital Forensics 

Preserving Evidence 

-Make a copy of the drive or device and hash it. 

-Don’t work off original copy 
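The copy-and-hash steps above, sketched as an added example (not part of the original notes): it images a source, records the hash, and makes a separate working copy so that changes made during analysis never touch the evidence image. The file names, the choice of SHA-256 and the constructed sample "device" file are assumptions.

```python
import hashlib, os, shutil, stat, tempfile

CHUNK = 1024 * 1024  # read in 1 MiB blocks so large images fit in memory

def sha256_file(path):
    """Hash a file from disk in chunks."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(CHUNK), b""):
            h.update(block)
    return h.hexdigest()

def acquire(source, image):
    """Copy source to image, hashing the bytes as they are read, then
    re-hash the image from disk and confirm that the two digests match."""
    h = hashlib.sha256()
    with open(source, "rb") as src, open(image, "xb") as dst:  # "x": never overwrite
        for block in iter(lambda: src.read(CHUNK), b""):
            h.update(block)
            dst.write(block)
        dst.flush()
        os.fsync(dst.fileno())
    recorded = h.hexdigest()
    if sha256_file(image) != recorded:
        raise IOError("image does not match source")
    os.chmod(image, stat.S_IRUSR)  # mark the evidence image read-only
    return recorded

def working_copy(image, workdir, recorded):
    """Make the copy that analysis is done on and verify it before use."""
    work = os.path.join(workdir, "working.img")
    shutil.copyfile(image, work)  # contents only, so the copy stays writable
    if sha256_file(work) != recorded:
        raise IOError("working copy does not match recorded hash")
    return work

def demo():
    with tempfile.TemporaryDirectory() as d:
        source = os.path.join(d, "device.bin")  # constructed stand-in for a drive
        with open(source, "wb") as f:
            f.write(b"constructed sample sector data\n" * 4096)
        image = os.path.join(d, "evidence.img")
        recorded = acquire(source, image)
        work = working_copy(image, d, recorded)
        with open(work, "ab") as f:  # analysis changes the working copy
            f.write(b"analyst change")
        # The evidence image still matches the recorded hash; the copy does not.
        return sha256_file(image) == recorded, sha256_file(work) == recorded

if __name__ == "__main__":
    print(demo())
```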

Civil and Criminal Complaints 

-Civil complaint: citizen or company going after another 

-Criminal complaint: a crime has been committed.

US Fourth Amendment: need a warrant to seize your devices; protects the right to privacy

  • If police want to go through your car, they have to ask you, unless they have probable cause. 
  • If you are in a workplace, your privacy expectation is nil 

Hard Disk technology 

-SSD: used by thumb drives

-SATA drives: mechanical 

 

Hard drive formatting 

-Low level: performed by manufacturer

-High level: performed by user

 

Cluster overhang: when a file takes up space on a drive that it does not actually use

Inodes – each is a pointer to a file and holds all the info about that file