A forensic investigator is assigned to analyze a large volume of digital evidence related to...

A forensic investigator is assigned to analyze a large volume of digital evidence related to a sophisticated cyberattack targeting a company ' s internal network. The attack, which affected several systems across the enterprise, involved the exploitation of multiple vulnerabilities. Due to the complexity and scale of the case, the investigator decides to implement computerized forensic tools to streamline the investigation process. These tools are used to create bit-by-bit copies of several suspect drives, ensuring the integrity of the original evidence and enabling further analysis without altering the original data.

In addition to creating forensic images, the investigator uses advanced hash analysis techniques to quickly identify potentially malicious files by comparing file hashes against known threat databases. Furthermore, to manage the large volume of event logs generated during the attack, the investigator utilizes forensic tools to analyze timestamps and generate a detailed timeline of activities. This timeline highlights key events in the attack, such as the initial breach, lateral movement within the network, and the exfiltration of sensitive data. By streamlining these tasks, the investigator can focus on the critical analysis required to understand the full scope of the attack. Which forensic process is being described here?