RA2999: Examine Content
Summary
| ID | RA2999 |
|---|---|
| Brief Description | Abstract action for getting any useful information from different entities |
| Author | Alex@Cyberok |
| Creation Date | 2023/03/22 |
| References | |
| Response Stage | Identification |
Description
Content analysis is best understood as a broad family of techniques. Effective researchers choose techniques that best help them answer their substantive questions. That said, according to Klaus Krippendorff, six questions must be addressed in every content analysis:
- Which data are analyzed?
- How are the data defined?
- From what population are data drawn?
- What is the relevant context?
- What are the boundaries of the analysis?
- What is to be measured?
In case of response action such action is used for extracting digital artifacts from different entities.
For example:
1) Examine content in windows registry key which can be used in investigation and find redirect to malware file;
