Duplication and Preservation of Digital Evidence

Duplication and Preservation of Digital Evidence

Duplication and Preservation of Digital Evidence

Project Name: Duplication and Preservation of Digital Evidence

Description: This blog will help all forensics investigator for Duplication and Preservation of Digital Evidence

Author: Rohit D Sadgune

Frequently Asked Question on Computer Forensics Investigation

  • Checklist of Duplication and Preservation of Digital Evidence

 

  1. Shut down the computer.
  2. Document the hardware configuration of the system.
  3. Transport the computer system to a secure location.
  4. Make bit-stream backups of hard disks and floppy disks.
  5. Mathematically authenticate data on all storage devices.
  6. Document the system date and time.
  7. Make a list of key search words.
  8. Evaluate the Windows swap file.
  9. Evaluate file slack.
  10. Evaluate unallocated space (erased files).
  11. Search files, file slack, and unallocated space for keywords.
  12. Document file names, dates, and times.
  13. Identify file, program, and storage anomalies.
  14. Evaluate program functionality.
  15. Document your findings.
  16. Retain copies of software used.
  17. Establish a solid relationship with local law enforcement, as they will be a valuable resource in the evidence collection process.

GO BACK TO COMPUTER FORENSICS CHECKLIST

Core Working Areas :- Threat Intelligence, Digital Forensics, Incident Response, Fraud Investigation, Web Application Security Technical Certifications :- Computer Hacking Forensics Investigator | Certified Ethical Hacker | Certified Cyber crime investigator | Certified Professional Hacker | Certified Professional Forensics Analyst | Redhat certified Engineer | Cisco Certified Network Associates | Certified Firewall Solutions | Certified Network Monitoring Solution | Certified Proxy Solutions

Leave a Reply

Your email address will not be published. Required fields are marked *

Enter Captcha Here : *

Reload Image