Cyber forensics
Definition
The branch of forensic science concerned with collecting, preserving, and analysing digital evidence from networked environments for use in legal proceedings. Covers network traffic, cloud data, server logs, web and email communications, and cross-device event reconstruction.
Related terms
- Chain of custody
  - The documented chronological record of who collected, handled, transferred, and examined a piece of evidence. For digital evidence, chain of custody includes...
- Indicator of Compromise (IoC)
  - An observable artefact that suggests a system has been involved in a malicious event. Static analysis produces file-based IoCs: cryptographic hashes, embedded...
- Cybercrime
  - Offences where a computer network is the tool or the target. Tool-based cybercrime includes fraud, harassment, and intellectual property theft conducted online....
- Digital forensics
  - The discipline concerned with the recovery, preservation, and analysis of evidence stored on physical digital devices. Primary evidence sources are disk images,...
- Mutual Legal Assistance Treaty (MLAT)
  - A bilateral or multilateral treaty under which signatory states agree to assist each other in gathering evidence for criminal investigations. MLATs define...
- Network flow record (NetFlow)
  - A summarised record of a network conversation: source IP, destination IP, ports, protocol, byte count, and duration. Flow records do not contain...
- Network forensics
  - A sub-discipline of cyber forensics focused on capturing and analysing network traffic, packet captures, and flow records to reconstruct communications and identify...
- Order of volatility
  - The sequence in which digital evidence should be collected, ranked from most to least transient. Defined in RFC 3227. CPU registers and...
Explained in these topics
- Cyber Forensics vs Digital Forensics: Scope and Boundaries
  - The discipline concerned with network-sourced evidence, online accounts, and the investigation of cybercrime. Evidence sources include network traffic captures...
- What Is Cyber Forensics
  - The branch of forensic science concerned with collecting, preserving, and analysing digital evidence from networked environments for use in legal proceedings....