All right. So for digital forensics, we look at, um we just looked at the process of, you know, starting with identifying information and collecting the physically forensically sound manner. And we went through the various steps
Now with evidence collection, That's what volatility is specifically going to
be relevant in terms off in the steps that we collect evidence. So again, this is not really detailed. But the premise here is, any time you're collecting evidence, you always work for most volatile toe least volatile. So we're talking about volatility
we're talking about,
you know, uh, contents change, for instance, in ram, even more so in cash. Even more so in the CPI register. So we look at that information being very volatile, you know, they lose their contents very quickly.
You've got something open, they're stored on Lian ram, and you have a power glitch. That information's gone right.
Cash doesn't store information for very long. It deletes you know, it overwrites or gets rid of older information. CP registers very small. So information's over written. So when we talk about most volatile, we're thinking memory. Specifically, the CPU registers.
We think about cash we think about ran
The next thing we would think about is what's called virtual memory. You could hear that refer to is a paging file or swap foul, but that's an area that's actually stored on the hard drive. That's a file on the hard drive, but it's designed to act like Ram. So for all intents and purposes, it's RAM.
But it's really a hard drive file.
The reason that significant is again it's very temporary in nature. It's also very slow, and that's not as relevant for forensics, but just something to know. And the swap file was designed based on the fact that Ram is very, very expensive, so we don't always have all the ram we need. So if not,
our systems can use an area
on the hard drive space to swap information that would normally be stored in random. Okay, but again, that's volatile.
Next area, information stored on your disk drives specifically. You know, you look at something like magnetic media. Um, you know, uh, exposure to magnets or other magnetic elements could erase the contents of the drive. Drives can become damaged, so those would be the next step for investigations,
and then we'd be looking at more permanent items, like backups or archives, paper files, things written, optical disk.
So the big point here for forensics? This was true in C I S S P security, plus any sort of test you take that looks at forensics at a high level. Volatility work for most volatile to least so you have reduced the risk of losing it evidence.