Procedure To Collect Digital Evidence
When collecting and analyzing evidence, there is a general four-step procedure you should follow:
1. Identification of Evidence:
- You must be able to distinguish between evidence and junk data. For this purpose, you should know what the data is, where it is located, and how it is stored.
- Once this is done, you will be able to work out the best way to retrieve and store any evidence you find.
- The evidence you find must be preserved as close as possible to its original state.
- Any changes made during this phase must be documented and justified.
- The stored evidence must then be analyzed to extract the relevant information and recreate the chain of events.
- Analysis requires in-depth knowledge of what you are looking for and how to get it.
- Always be sure that the person or people who are analyzing the evidence are fully qualified to do so.
- Communicating the meaning of your evidence is vitally important—otherwise you can’t do anything with it.
- The manner of presentation is important, and it must be understandable by a layman to be effective.
- It should remain technically correct and credible.
- A good presenter can help in this respect.
Procedure To Collect Digital Evidence
Reviewed by Unknown
on
10:00 AM
Rating:
Reviewed by Unknown
on
10:00 AM
Rating:
No comments: