Duplication and Preservation of Digital Evidence

Project Name: Duplication and Preservation of Digital Evidence

Description: This blog helps forensic investigators with the duplication and preservation of digital evidence.

Author: Rohit D Sadgune

Frequently Asked Questions on Computer Forensics Investigation

  • Checklist of Duplication and Preservation of Digital Evidence

 

  1. Shut down the computer.
  2. Document the hardware configuration of the system.
  3. Transport the computer system to a secure location.
  4. Make bit-stream backups of hard disks and floppy disks.
  5. Mathematically authenticate data on all storage devices.
  6. Document the system date and time.
  7. Make a list of key search words.
  8. Evaluate the Windows swap file.
  9. Evaluate file slack.
  10. Evaluate unallocated space (erased files).
  11. Search files, file slack, and unallocated space for keywords.
  12. Document file names, dates, and times.
  13. Identify file, program, and storage anomalies.
  14. Evaluate program functionality.
  15. Document your findings.
  16. Retain copies of software used.
  17. Establish a solid relationship with local law enforcement, as they will be a valuable resource in the evidence collection process.
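
Steps 4 and 5 of the checklist, shown as an added Python example that is not part of the original post: it copies a file-based image byte for byte while hashing the source with SHA-256, re-reads the copy to confirm the digests match, and then shows that changing one byte of the copy breaks the match. The file names, the choice of SHA-256 and the sample image contents are assumptions constructed for the example; on real evidence the source would be read through a write blocker.

```python
import hashlib
import os
import tempfile

CHUNK = 1024 * 1024  # read in 1 MiB blocks so large images never load fully into memory


def sha256_file(path):
    """Return the SHA-256 hex digest of every byte in the file at path."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(CHUNK), b""):
            digest.update(block)
    return digest.hexdigest()


def duplicate_and_verify(source, copy):
    """Copy source to copy byte for byte, hashing the source as it is read,
    then re-read the copy from disk and compare the two digests."""
    digest = hashlib.sha256()
    with open(source, "rb") as src, open(copy, "wb") as dst:
        for block in iter(lambda: src.read(CHUNK), b""):
            digest.update(block)
            dst.write(block)
        dst.flush()
        os.fsync(dst.fileno())  # make sure the copy is on disk before verifying it
    source_hash = digest.hexdigest()
    copy_hash = sha256_file(copy)
    return {"source_sha256": source_hash, "copy_sha256": copy_hash,
            "verified": source_hash == copy_hash}


def demo():
    """Duplicate a constructed sample image, then alter one byte of the copy."""
    with tempfile.TemporaryDirectory() as work:
        source = os.path.join(work, "evidence.img")    # constructed sample, not real evidence
        copy = os.path.join(work, "evidence_copy.img")
        with open(source, "wb") as fh:
            # Allocated data, zeroed slack and a remnant: all of it must be copied.
            fh.write(b"FILE DATA" + b"\x00" * 4096 + b"deleted remnant" + bytes(range(256)) * 8)
        result = duplicate_and_verify(source, copy)
        with open(copy, "r+b") as fh:                   # simulate alteration of the copy
            fh.seek(10)
            fh.write(b"\x01")
        result["tampered_matches"] = sha256_file(copy) == result["source_sha256"]
        return result


if __name__ == "__main__":
    print(demo())
```

Recording the source digest in the case notes at acquisition time lets any later copy be re-hashed and compared against it.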
