Order of Volatility
The order of volatility influences how digital evidence is gathered in computer/digital forensics.
- place more urgency on gathering more volatile evidence first
Volatility is the relative permanence of a piece of evidence.
- more volatile evidence may be lost easily
Order
- Network traffic
- Memory contents
- System and process data
- Files
- temp files such as swap space first
- Logs
- Archived records