Wednesday 16 September 2015

Emergency Guide: The Do’s and Do Not’s of Computer Forensic Emergencies

Read this vital guide on saving evidence in Computer Forensic Emergencies…

DO – Make detailed notes on all activities
> Collect data that would otherwise be lost by removing the power supply.
> If the device is switched on, record what is on the screen by taking photos or by making a written note of the content.
> Ensure that actions or changes made to the system are recorded.
> Ask the user about the setup of the system, e.g. passwords, usernames, etc.

DO NOT – Switch on the computer
> Every time a computer is switched on, data can be changed.
> Make sure that the computer is switched off.
> Look for activity, e.g. lights may indicate power/activity. Remove the main power source battery from laptop computers.

DO – Unplug the device to ensure information cannot be overwritten
> A computer in sleep mode may be accessed remotely, allowing the alteration or deletion of files.
> Remove the power supply from the back of the computer without closing down any programs. Removing power this way avoids any further data being written to the hard drive.
> Remove all other connection cables leading from the computer, and make notes.

DO NOT – Continue to use the computer device
> After an incident has been established, continued usage of the computer device could prove devastating to the existing evidence.
> Deleted data can still be present on the machine, but marked as ready to be overwritten. Use of the computer overwrites existing data on the hard drive, which could hold important evidence.

DO – Secure or seal the system in a locked cupboard or container
> Securing the computer restricts unauthorized access to it, which minimizes potential data loss.
> This also provides a level of protection from natural hazards or accidents that may occur around the device and cause damage to the system.

DO NOT – Let your IT department or computer specialists “have a quick look”
> Tampering with the evidence without specialist digital forensic software and tools can cause data to be lost or corrupted.
> Commercial “Data Recovery” software does not work for evidential purposes and could result in data loss.

DO – Call us right away
DLA has grown to become a great provider of digital forensic services in Cape Town and nationwide. We pride ourselves on offering the highest quality digital forensics and delivering thorough, detailed and accurate results. Contact us today and we can provide you with the digital evidence that you need.
