Skillset can help you prepare! Sign up for your free Skillset account and take the first steps towards your certification.
The most volatile evidence is the most likely to disappear before it can be documented or collected. Which of these comes first in the order of volatility?
Registers and cache
Routing tables
ARP cache
System memory
Order of volatility of digital evidence 1. CPU, cache and register content 2. Routing table, ARP cache, process table, kernel statistics 3. Memory 4. Temporary file system / swap space 5. Data on hard disk 6. Remotely logged data 7. Data contained on archival media http://digital-forensics.sans.org/blog/2009/09/12/best-practices-in-digital-evidence-collection/
Train with Skillset and pass your certification exam. Faster. Guaranteed.
Study thousands of practice questions that organized by skills and ranked by difficulty.
Create a tailored training plan based on the knowledge you already possess.
Know when you’re ready for the high-stakes exam. Have the confidence that you will pass on your first attempt.