Computer Forensics Analysis Discovery Of Electronic Evidence
Project Name: Computer Forensics Analysis Discovery Of Electronic Evidence
Description: This blog will help all forensics investigator for Computer Forensics Analysis Discovery Of Electronic Evidence.
Author: Rohit D Sadgune
Frequently Asked Question on Computer Forensics Investigation
- Checklist of Computer Forensics Analysis Discovery Of Electronic Evidence
- Do not alter discovered information.
- Always back up discovered information.
- Document all investigative activities.
- Accumulate the computer hardware and storage media necessary for the search circumstances.
- Prepare the electronic means needed to document the search.
- Ensure that specialists are aware of the overall forms of information evidence that are expected to be encountered as well as the proper handling of this information
- Evaluate the current legal ramifications of information discovery searches.
- Back up the information discovery file or files.
- Start the lab evidence log.
- Mathematically authenticate the information discovery file or files.
- Proceed with the forensic examination.
- Find the MD5 message digest for the original information discovery file or files.
- Log all message digest values in the lab evidence log.
- When forensic work is complete, regenerate the message digest values using the backups on which work was performed; log these new values alongside the hashes that were originally generated. If the new values match the originals, it’s reasonable to conclude that no evidence tampering took place during the forensic examination of the information files.
- Briefly compare the physical search and seizure with its logical (data-oriented) counterpart, information discovery.