HMWK-Computer Forensics Processing Checklist

Standard Operating Procedures -- Pueblo High-Tech Crimes Unit
Investigative and Technical Protocols -- Computer Forensics Processing Checklist
2 June 2000

Computer Forensics Processing Checklist
Pueblo High-Tech Crimes Unit

Cmdr. Dave Pettinari
Pueblo County Sheriff's Office
davepet@cops.org

The purpose of this document is to provide computer forensic technicians working with our Pueblo High-Tech Crimes Unit basic guidelines so that we are all doing the same thing, or at least considering the same issues, as we work a case either with an investigator from our own agency or on a request from another agency. This is an education guide, not an instruction. It details documentation requirements for a computer forensics media analysis case after search and seizure of media. This takes the media analysis process from checkout of evidence from the evidence room until complete support closure and report writing.

This is a living process that must allow for changes and updates, as well as flexibility and room for decision-making on the part of the media analyst to fit the particular requirements of each case. However, there are core requirements that must be met for each and every case, or nearly all cases, and those will be explained in training. Techniques may vary depending on the circumstances of the case, equipment availability, and the experience of the computer forensic technician.

Preliminaries

1. Begin tracking the man-hours you put into the media analysis and administrative work.
2. Verify search authority, consent, warrant, subpoena for exact legal level of analysis. Confirm what level of analysis is authorized and what files you can examine (i.e., does the warrant cover e-mail, unopened e-mail, etc.). Get a copy of this document and place it in your analysis case file.
3. Pull up the master of the case documentation file and place it in the analysis case file.
4. Create a modified boot disk for the forensic software (EnCase). Ensure it is of the current version loaded on the forensic machine.

Determine Best Method

Determine the best method to process any computer-related evidence. If the Pueblo High-Tech Crimes Unit forensic examiner cannot process the evidence seized due to lack of experience, lack of training, or lack of equipment, the officer submitting the evidence or the forensic examiner will complete a Colorado Bureau of Investigation "request for assistance" form and submit the evidence to the CBI lab.

Prepare the Case File

Fill out all the necessary and place all initial case documentation in this file so that you can keep track of important details from the start of the forensic exam. Ensure you have a search warrant or consent to search when you open a case file, and ask the submitting officer to fill out the "Official Request for Laboratory
Examination." The most important part of this form is for the officer to fill out the keywords in the