It is very important because during the investigation you will need access to sensitive data or need to make copies of it. If you do not have written permission with you, you may find yourself in trouble for breaching the IT security policy.

6. Be ready to testify
Since you are collecting the evidence, you should be ready to testify about it in court; otherwise the collected evidence may become inadmissible.

7. Your action should be repeatable
You should be confident enough to perform the same action again to prove the authenticity of the evidence. Make sure to document every step taken. Do not work by trial and error, or no one is going to believe you and your investigation.

Work fast to reduce data loss
Work fast to eliminate the chances of data loss; volatile data may be lost if it is not collected in time. Automation can be introduced to speed up the process, but do not create a rush situation. Increase the human workforce where needed. Always start by collecting the volatile evidence.

Do not shut down before collecting evidence
This is a rule of thumb, since the collection of data or evidence is itself important for an investigation. Make sure not to shut down the system before you have collected all the evidence. If the system is shut down, you will lose the volatile data. Shutting down and rebooting should be avoided at all costs.

Do not run any program on the affected system
Collect all the evidence, copy it, create many duplicates, and work on the duplicates. Do not run any program; otherwise you may trigger something that you don't want to trigger. Think of a Trojan horse.

A's of Computer Forensics
• Acquire the evidence without altering or damaging the original.
• Authenticate that the recovered evidence is the same as the original seized data.
• Analyze the data without any alterations.
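
The "authenticate" step and the rule that every action be repeatable and documented can be combined in one routine. The following is an added example, not part of the original notes: it hashes the original and a working copy read-only and appends the result to a log. The file names, the examiner ID and the log format are assumptions, and the sample "images" are constructed.

```python
import hashlib, json, os, tempfile
from datetime import datetime, timezone

CHUNK = 1024 * 1024  # read in 1 MiB blocks so large images never load fully into memory

def sha256_file(path):
    """Hash a file opened read-only, in chunks; the evidence is never written to."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(CHUNK), b""):
            digest.update(block)
    return digest.hexdigest()

def authenticate(original, copy, examiner, log_path):
    """Compare original and working copy; append the outcome to a JSON-lines log."""
    entry = {
        "utc": datetime.now(timezone.utc).isoformat(),
        "examiner": examiner,  # hypothetical identifier
        "original": original,
        "copy": copy,
        "original_sha256": sha256_file(original),
        "copy_sha256": sha256_file(copy),
    }
    entry["match"] = entry["original_sha256"] == entry["copy_sha256"]
    with open(log_path, "a", encoding="utf-8") as log:  # append-only: earlier steps stay on record
        log.write(json.dumps(entry) + "\n")
    return entry

def demo():
    """Constructed sample: a stand-in 'seized' image, a faithful copy, an altered copy."""
    work = tempfile.mkdtemp()
    seized = os.path.join(work, "seized.img")
    good = os.path.join(work, "copy_good.img")
    bad = os.path.join(work, "copy_bad.img")
    data = b"CONSTRUCTED SAMPLE SECTOR " * 4096
    # The altered copy differs from the original in its final byte only.
    for path, content in ((seized, data), (good, data), (bad, data[:-1] + b"X")):
        with open(path, "wb") as fh:
            fh.write(content)
    log = os.path.join(work, "acquisition_log.jsonl")
    results = [authenticate(seized, c, "examiner-01", log) for c in (good, bad)]
    with open(log, encoding="utf-8") as fh:
        logged = [json.loads(line) for line in fh]
    return results, logged

if __name__ == "__main__":
    for r in demo()[0]:
        print(r["copy"], "MATCH" if r["match"] else "MISMATCH")
```

A single changed byte in the copy produces a different digest, so analysis should proceed only on a copy whose log entry shows a match.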

Current Computer Forensics Tools
• Computer forensics tools are constantly being developed, updated, patched, and revised. Therefore, checking vendors' Web sites routinely to look for new features and improvements is important.
• Before purchasing any forensics tools, consider whether the tool can save you time during investigations and whether that time savings affects the reliability of data you recover.

Evaluating Computer Forensics Tool Needs
Some questions to ask when evaluating computer forensics tools:
• On which OS does the forensics tool run?
• Is the tool versatile? For example, does it work in different versions of Windows and produce the same results in all versions?
• Can the tool analyze more than one file system, such as FAT, NTFS, and Ext fs?
…
• Can a scripting language be used with the tool to automate repetitive functions and tasks?
- Fall '19
- Computer Forensics