Definitions[]
Examination is
| “ | [a] technical review that makes the evidence visible and suitable for analysis; tests performed on the evidence to determine the presence or absence of specific data.[1] | ” |
| “ | [t]he second phase of the computer and network forensics process, which involves forensically processing large amounts of collected data using a combination of automated and manual methods to assess and extract data of particular interest, while preserving the integrity of the data.[2] | ” |
References[]
- ↑ NIST Special Publication 800-72, Glossary, at 58.
- ↑ NIST Special Publication 800-86, at C-1.