Skip to content
Log in

Non-volatile data

Definition

Data that persists without power, such as files on a hard disk, SSD, or optical media, and data in non-volatile memory chips. Non-volatile data can be collected after shutdown, though best practice is to collect it after volatile data in a live-response scenario.

Related terms

Chain of custody
The documented chronological record of who collected, handled, transferred, and examined a piece of evidence. For digital evidence, chain of custody includes...
Live response
The process of collecting evidence and triage data from a running system without first powering it down. Preserves volatile artefacts that would...
Memory-resident malware
Malicious code that executes entirely in RAM and writes no files to disk. Fileless malware, PowerShell-based loaders, and certain rootkits fall into...
RFC 3227
Guidelines for Evidence Collection and Archiving, published by the IETF in February 2002. It defines the order of volatility, the documentation requirements...
Volatile data
Any digital information that is lost when power is removed or the system state changes. Examples include RAM contents, CPU register values,...

Explained in

Your journey to becoming a forensic professional starts here.

Practice with mock tests, learn from structured notes, and get your questions answered by a global forensic community, all in one place.

Continue learningCreate Your Account