CISSP Domain 7: Digital Forensics & Chain of Custody

On the CISSP, digital-forensics questions come down to one move: preserve evidence 1st, analyze 2nd, and prove nothing changed. This Domain 7 deep-dive walks what legally counts as evidence, the chain of custody that keeps it admissible, the order of volatility, and the imaging-and-hashing ritual that proves integrity in court. With Bella, Erica, Liam, and Mei, we cover the security-operations foundations behind 13% of the current exam, plus eDiscovery, legal holds, and how generative AI deepfakes are forcing investigators to authenticate the evidence itself.

In this video:

• What makes evidence admissible, authentic, complete, and reliable, plus Locard’s exchange principle
• Chain of custody: who, what, when, where, why, and why one gap can throw out the case
• The order of volatility: why you capture RAM before you ever pull the plug
• Forensic imaging, cryptographic hashing, write blockers, and analyzing only the copy
• Evidence types (real, documentary, testimonial) and the best-evidence rule
• eDiscovery, legal holds, spoliation, and authenticating evidence in the age of deepfakes

The next video in the series moves into logging and monitoring, the continuous evidence trail that feeds every investigation. Anchored to the (ISC)2 CISSP Detailed Content Outline effective April 15, 2024.

▶ Watch next: CISSP Domain 7: SIEM, IDS/IPS, Honeypots & UEBA https://www.youtube.com/watch?v=HdS3cmWEcdo

📺 Full playlist: CISSP (2026) v2 https://www.youtube.com/playlist?list=PLlIAFxS2964_K3g6WysWnLpifoxilduGi