Cybercrime is becoming even more of a concern, which makes computer forensics a growing science. The worst thing a business can do when digital forensic professionals are working is to proceed carelessly. That is why it is vital to keep these tips in mind when a computer is being investigated on your watch.

1. A computer is a crime scene, and it needs to be treated as such. All investigation activity needs to be logged and all the equipment inventoried.

2. The machine should be isolated from the network.

3. Investigators should almost never work with the original hard disk or media or any original files. Rare exceptions to this rule include situations when turning off the computer will destroy evidence. But most often, examiners should make copies, and not just any copies, but forensically sound ones. Just backing up a drive, for example, will not transfer slack space and deleted files that need to be searched.

4. Don’t violate the chain of custody. If evidence is to be used in a legal case, it must be clearly established what the evidence is, where the evidence was, and what was done to it at all times. If there’s any suspicion that the evidence was tampered with or altered, then you may be left without a case.

5. Don’t be in a fixed frame of mind. No two investigations are alike. Because of this, investigators use training and experience to narrow the scope of an investigation.

6. Don’t digress. Remember that the point of an investigation is to determine three things: whether a violation took place, the exact sequence of events that took place, and finally, who was responsible.

In this day and age, businesses are all too vulnerable to high-tech crimes. Whether the computers are used to commit felonies or simply to violate company policy, businesses can be embarrassed, inconvenienced and even shut down. If you are ever in this situation, contact the digital forensic experts at DLA!