Ask Question
7 December, 02:30

What are the steps to collect computer evidence?

(Forensic Science)

+2
Answers (1)
  1. 7 December, 02:45
    0
    The steps are;

    1. Policy and procedure development

    Whether related to malicious cyber activity, criminal conspiracy or the intent to commit crime, digital evidence can be delicate and highly sensitive. Cyber security take this into account and respect the fact that it can be easily be compromised if not properly handled and protected. For this reason, it is critical to establish and follow strict guidelines and procedures for activities related to computer forensic investigations. Cyber security divisions must also set forth rules of governance for all other digital activity within an organization. This is essential to protecting the data infrastructure of law enforcement agencies as well as other organizations.

    2. Evidence Assessment

    Investigative process involves the assessment of potential evidence in cyber crime. Central to the effective processing of evidence is clear understanding of the details of he case at hand and thus the classification of cyber crime in question. Prior to conducting an investigation, the investigator must define the types of evidence sought and have a clear understanding of how to preserve pertinent data. The investigator must also determine the source and integrity of such data before entering it into evidence.

    3. Evidence Acquisition

    Extensive documentation is needed prior to, during, and after the acquisition process; detailed information must be recorded and preserved, including all hardware and software specifications, any systems used in the investigating process and the systems being investigated. Acquiring evidence must be accomplished in a manner both deliberate and legal. Documenting and authenticating the chain of evidence is crucial when pursuing a court case and this is true for computer forensics given the complexity of most cybersecurity cases.

    4. Evidence Examination

    Her procedures must be in place for retrieving, copying, and storing evidence within appropriate databases. Investigators typically examine data from designated archives using a variety of methods and approaches to analyze information. These could include utilizing analysis software to search massive archives of data for specific keywords or files type as well as procedures for retrieving files that have been recently deleted.

    5. Documenting and Reporting

    Computer forensic investigators must keep an accurate record of all activity related to the investigation, including all methods used for testing system functionality and retrieving, copying and storing data, as well as all actions taken to acquire, examine ans assess evidence.
Know the Answer?
Not Sure About the Answer?
Find an answer to your question 👍 “What are the steps to collect computer evidence? (Forensic Science) ...” in 📗 Biology if the answers seem to be not correct or there’s no answer. Try a smart search to find answers to similar questions.
Search for Other Answers