The theories, techniques, tools and processes for the identification, collection, acquisition and preservation of digital evidences.
The subdomains for this knowledge domain are:
- Incident analysis, communication, documentation, forecasting (intelligence based), response, and reporting
- Theories, techniques and tools for the identification, collection, attribution, acquisition, analysis and preservation of digital evidence
- Vulnerability analysis and response
- Digital forensic processes and workflow models
- Digital forensic case studies
- Policy issues related to digital forensics
- Resilience aspects
- Anti-forensics and malware analytics
- Citizen cooperation and reporting
- Coordination and information sharing in the context of cross-border/organizational incidents