25-08-2017, 09:32 PM
COMPUTER FORENSIC ANALYSIS
COMPUTER FORENSIC.ppt (Size: 462 KB / Downloads: 22)
Objectives Of Analysis Process During Investigation:
The purpose of this process is to discover and recover evidences related to the case being investigated.
Data related to the case found will be extracted out and interpreted and subsequently put it in a logical and useful format.
The findings of this process will determine whether the suspect can be charged in the court of law or not.
Due to the criticality of this stage, due care must be adhered when analyzing the digital evidence.
The integrity of the evidence must be maintained at all time by adhering to prudent preservation methods.
Chain of custody must be maintained at all times too.
Collecting Evidence
Before collecting evidence at a crime scene, first responders
should ensure that—
Legal authority exists to seize evidence.
The scene has been secured and documented.
Appropriate personal protective equipment is used.
Securing and Evaluating the Scene
When securing and evaluating the scene, the first responder should—
Follow departmental policy for securing crime scenes.
Immediately secure all electronic devices, including personal or portable devices.
Ensure that no unauthorized person has access to any electronic devices at the crime scene.
Refuse offers of help or technical assistance from any unauthorized persons.
Remove all persons from the crime scene or the immediate area from which evidence is to be collected.
Ensure that the condition of any electronic device is not altered.
If the Computer Is OFF
Place tape over the floppy disk slot, if present.
Make sure that the CD or DVD drive trays are retracted into place; note whether these drive trays are empty, contain disks, or are unchecked; and tape the drive slot closed to prevent it from opening.
Place tape over the power switch.
Record the make, model, serial numbers, and any user-applied markings or identifiers.
Record or log the computer and all its cords, cables, wires, devices, and components according to agency procedures.
Package all evidence collected following agency procedures to prevent damage or alteration during transportation and storage.