Hello, you are using an old browser that's unsafe and no longer supported. Please consider updating your browser to a newer version, or downloading a modern browser.
Training Camp • Cybersecurity Glossary
Order of volatility is the forensic principle, defined in RFC 3227, of collecting the most ephemeral evidence first to avoid losing volatile data.
Order of Volatility Definition: Order of volatility is the forensic principle, defined in RFC 3227, of collecting the most ephemeral evidence first to avoid losing volatile data.
Order of volatility is the digital forensics principle of collecting evidence from the most ephemeral data sources first before they are lost, then proceeding to more persistent ones. As described in RFC 3227, the typical sequence runs from CPU registers and cache, to RAM and routing tables, to running processes and network connections, then disk and finally archival media and backups. Following this order preserves the maximum amount of recoverable evidence during incident response.
Turn knowledge into credentials with our instructor-led cybersecurity boot camps.
View All Courses →