The IT Law Wiki


32,077pages on
this wiki
Add New Page
Add New Page Talk0

Definitions Edit

Examination is

[a] technical review that makes the evidence visible and suitable for analysis; tests performed on the evidence to determine the presence or absence of specific data.[1]
[t]he second phase of the computer and network forensics process, which involves forensically processing large amounts of collected data using a combination of automated and manual methods to assess and extract data of particular interest, while preserving the integrity of the data.[2]

References Edit

  1. NIST Special Publication 800-72, Glossary, at 58.
  2. NIST Special Publication 800-86, at C-1.

Also on Fandom

Random Wiki