Forensic Tools
This open-source tool is the go-to Linux distro for digital forensics and incident response.
Answer: What is Kali Linux?
This tool is the most commonly used packet sniffer for forensic analysis.
What is Wireshark?
The process of documenting who handled evidence and when.
What is chain of custody?
Investigators often collect GPS data from this type of device frequently used by poachers to track animal movements.
What is a smartphone?
This U.S. law protects the privacy of electronic communications in transit and stored on servers.
What is the Electronic Communications Privacy Act (ECPA)?
A powerful command-line tool used to create bit-for-bit copies of storage devices.
What is dd?
This protocol uses port 443 and encrypts traffic between client and server.
What is HTTPS?
This requirement means investigators must not alter the original evidence.
What is forensic integrity?
Social media evidence of illegal wildlife sales is commonly preserved using this type of forensic capture to ensure authenticity.
What is a screenshot with metadata / web capture?
This constitutional amendment is the basis for requiring warrants in digital searches and preventing unreasonable searches and seizures.
What is the Fourth Amendment?
This GUI tool from AccessData is frequently used for large-scale evidence acquisition and analysis.
What is FTK (Forensic Toolkit)?
These logs track which devices are assigned which IP addresses over time inside a network.
What are DHCP logs?
The legal standard requiring investigators to prove evidence was collected using proper methods.
What is admissibility?
This forensic technique is used to extract location metadata from photos of illegally hunted or trafficked species.
What is EXIF analysis?
This act regulates how law enforcement can access stored emails, cloud data, and subscriber information.
What is the Stored Communications Act (SCA)?
Made by Guidance Software, this tool is known as the gold standard for forensic workstation analysis.
What is EnCase?
This type of attack floods a target with traffic, often requiring forensic packet capture to investigate.
What is a DDoS attack?
This hashing method is commonly used to verify that digital evidence has not changed.
What is SHA-256?
Rangers and conservation officers often rely on this network log type to track illegal fishing vessels entering restricted waters.
What are AIS (Automatic Identification System) logs?
This federal rule outlines the standards for collecting, preserving, and presenting digital evidence in federal courts.
What are the Federal Rules of Evidence (FRE)?
This memory forensics framework helps investigators analyze running processes, DLLs, drivers, and memory artifacts.
What is Volatility?
The technique of analyzing communication flows, timing, and metadata—not payloads—to detect anomalies.
What is traffic analysis?
This doctrine allows evidence discovered unintentionally during a lawful search to be admissible
What is the plain view doctrine?
In cases of endangered-species trafficking, examiners can recover deleted marketplace messages or encrypted chats using this category of forensic extraction on mobile devices.
What is advanced logical or physical extraction?
This law makes unauthorized access to computers and networks a federal crime and is often central to forensic investigations.
What is the Computer Fraud and Abuse Act (CFAA)?