Here are the steps investigators
should follow to retrieve digital evidence:
1. Secure the computer system to ensure that the equipment and data
are safe. This means digital investigators must make sure that no unauthorized
individual can access the computers or storage devices involved in the search.
2. Find every file on the computer system, including files that are encrypted,
protected by passwords, hidden or deleted, but not yet overwritten. Digital investigators
should make a copy of all the files on the system. This includes files on the computer’s
hard drive or in other storage devices.
3. Recover as much deleted information as possible using applications
that can detect and retrieve deleted data.
4. Reveal the contents of all hidden files with programs designed to
detect the presence of hidden data.
5. Decrypt and access protected files.
6. Analyze special areas of the computer's
disks, including parts that are normally inaccessible.
7. Document every step of the procedure. It's important for digital
investigators to provide proof that their investigations preserved all the
information on the computer system without changing or damaging it.
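As an added example (not part of the original post), here is one way to back up steps 2 and 7: copy a file or disk image, confirm by hash that the copy matches and that the source was not altered, and record each action in a log whose entries are chained together so later edits are detectable. The function names, the choice of SHA-256 and the log layout are assumptions made for this illustration.

```python
import hashlib, json, os, tempfile
from datetime import datetime, timezone

CHUNK = 1024 * 1024  # read in 1 MiB blocks so large images need not fit in memory

def sha256_file(path):
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(CHUNK), b""):
            h.update(block)
    return h.hexdigest()

def log_step(log, action, **details):
    """Append an entry whose hash also covers the previous entry's hash."""
    entry = {"time": datetime.now(timezone.utc).isoformat(), "action": action,
             "details": details, "prev": log[-1]["hash"] if log else "0" * 64}
    entry["hash"] = hashlib.sha256(json.dumps(entry, sort_keys=True).encode()).hexdigest()
    log.append(entry)

def acquire(source, dest, log):
    """Copy source to dest, then check the copy and the untouched source still match."""
    before = sha256_file(source)
    log_step(log, "hash_source", path=source, sha256=before)
    with open(source, "rb") as src, open(dest, "xb") as dst:  # "x": never overwrite a copy
        for block in iter(lambda: src.read(CHUNK), b""):
            dst.write(block)
    copy_hash, after = sha256_file(dest), sha256_file(source)
    ok = before == copy_hash == after
    log_step(log, "verify_copy", path=dest, sha256=copy_hash, source_unchanged=before == after, match=ok)
    return ok

def verify_log(log):
    """Recompute every entry hash and link; False if an entry was edited or removed."""
    prev = "0" * 64
    for entry in log:
        body = {k: v for k, v in entry.items() if k != "hash"}
        digest = hashlib.sha256(json.dumps(body, sort_keys=True).encode()).hexdigest()
        if entry["prev"] != prev or digest != entry["hash"]:
            return False
        prev = entry["hash"]
    return True

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as d:  # constructed sample "evidence" file
        src = os.path.join(d, "evidence.img")
        with open(src, "wb") as f:
            f.write(b"constructed sample data" * 1000)
        log = []
        print(acquire(src, os.path.join(d, "copy.img"), log), verify_log(log))
```

Analysis is then done on the verified copy, and the saved log gives the documented proof that the original was read but not changed.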
All these steps are incredibly important in
a computer or digital forensics investigation. Make sure you follow them all
to ensure an effective investigation.
DLA Digital and cellular forensics can provide you with the digital evidence that you need! Let us follow the electronic trail to find and protect the evidence that you need.