This week (and past weeks) your reading focuses on the techniques and tools you would use to collect, preserve, and analyze digital evidence. While this class does not focus as heavily on the highly technical aspects of digital forensics (e.g., using the tools, techniques, and processes to collect, preserve, and analyze digital evidence), it does stress how to be prepared for the digital evidence process as it fits into the criminal justice system.
Of course, it is critical that computer forensic examiners understand processes such as capturing volatile data, recognizing and collecting digital evidence, analyzing the evidence once it is collected, etc.; however, what I want you to focus on this week is why and how the processes are designed to identify, seize, collect, preserve, and analyze digital evidence, and how they relate to the criminal justice process.
You should all understand the need to verify what a warrant will allow you to search for and seize in a criminal case (ensuring that you do not exceed the scope and potentially compromise your case). You should also be aware of what a company's policy, or an organization's leadership, will allow you to do in a non-criminal justice investigation. In either case, you need to be able to testify about all the steps you took, articulating everything from the point when you were first notified of the incident or called in to collect the digital evidence until the time you are called to testify about it. Digital evidence must not simply be collected (e.g., picked up and put in a bag); procedures must be put in place to preserve the evidence so the defense cannot raise reasonable doubt (in the criminal case) about the integrity or provenance of the evidence.
For this week's discussion, answer the following questions in detail. Please discuss thoroughly and substantively in your post. Additionally, respond in a thorough, substantive, intelligent way to at least one of your fellow classmates, adding to our discussion and learning of this week's topic!
1) Describe at least 5 steps in a process to collect digital evidence to the time you testify that you consider important. Please explain why they are important.
2) You are a witness and I am asking you the following question – please answer thoroughly as if you are testifying in court on the witness stand. Upon entering the room where the computer was located, what was the first thing you did?
3) Continue your testimony by answering: After seizing the computer evidence, explain what you did with it.