Chapter 30: Digital Forensics
Documentation/evidence
Legal hold
Video
Admissibility
Chain of custody
Timelines of sequence of events
Time stamps
Time offset
Tags
Reports
Event logs
Interviews
Acquisition
Order of volatility
Disk
Random-access memory (RAM)
Swap/pagefile
OS
Device
Firmware
Snapshot
Cache
Network
Artifacts
On-premises vs. cloud
Right-to-audit clauses
Regulatory/jurisdiction
Data breach notification laws
Integrity
Hashing
Checksums
Provenance