Report: Digital Evidence Collection in Forensic Investigation

Verified

Added on 2022/08/12

AI Summary

This report delves into the critical aspects of digital evidence collection within forensic investigations. It emphasizes the significance of volatile data residing in computer RAM as crucial evidence. The report highlights the importance of clear communication between the investigation team and evidence collectors, alongside best practices for scene management, including dividing the area into manageable sections. It offers recommendations for handling computers, such as documenting the screen's state if the computer is on and avoiding powering off the device if it's off. Furthermore, the report outlines the use of write blockers for imaging hard drives and the correct packaging of evidence in anti-static bags to maintain the integrity of the collected data. The report references sources like SANS and SWGDE to support its guidelines.

Critical Thinking
Assignment
Name:-
Date:- 15 February 2020

Paraphrase This Document

Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser

Introduction
 Forensic investigation is nothing but a scientific
method that is used to solve a crime (pinow.com,
2020).
 It gathers and analysis all crimes related to
physical evidence so a conclusion can be drawn
upon from the same. This presentation is based on
the topic related to the collection of digital
evidence.

Collection of live digital evidence
 First, it is important to know what kind of
evidence does truly matters.
 Here to inform that volatile data available within
the computer RAM is the most significant
evidence at today’s time that is also important for
the foreseeable future.

Communication
 Communication is an important practice that needs
to be adopted while collecting digital evidence.
 There must be an appropriate communication
between the investigation team and collector
(swgde.org, 2020).
 It is recommended that such communication
should include aspects related to the investigation
process.

Paraphrase This Document

Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser

Search
 To discuss related best practices, this is to state
that one should remove all the non-required
personnel from the closeness of digital evidence.
 Another recommendation is that the scene should
be divided into manageable sections and label the
same in an identifiable manner.

Miscellaneous Recommendations
 If the computer is turn off, it is recommended that
one must not turn on the same.
 If the computer is on, then one should click the
picture of the screen. It helps to determine what
has been searched last on the computer or at the
time of incident what content of the computer was
being checked by the criminals.

Cont.
 Using a write blocker, one should image hard
drives.
 The packaging is another thing to do in the process
of investigation that should be done with an
additional concern. All the components should be
collected in anti-static evidence bags.

Paraphrase This Document

Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser

References
 Henry, P. (2009) Best Practices In Digital Evidence
Collection. Retrieved from: https://www.sans.org/blog/best-
practices-in-digital-evidence-collection/
 pinow.com. (2020). Forensic Investigation. Retrieved from:
https://www.pinow.com/investigations/forensic-investigations
 swgde.org. (2020). Scientific Working Group on Digital
Evidence. Retrieved from:
https://www.swgde.org/documents/Current%20Documents/S
WGDE%20Best%20Practices%20for%20Digital
%20Evidence%20Collection