Professional Documents
Culture Documents
Biography
I am a certified computer forensic examiner who has been practicing in the field since 2001. I have worked on both criminal and civil cases ranging from child pornography to Intellectual Property theft. As I go through the talk you will find that although there are some different constraints between civil and criminal work in seizing evidence, as regards Forensic Process and Procedure there is only one right way.
Information Gathering What are the first steps in selecting a Forensics Examiner?
The examiner should be asked for a current CV and references. If you have any contacts at HTCIA or if you know anyone on the ISFCE or established forensic group, your contact can send out an email to the group as is customary and a local examiner will respond.
Revamp
These are basic questions that help the examiner to assess and if necessary, advise the client on possible preliminary action. For example, from the beginning stages, the expert must advise how to preserve evidence giving best practice instructions to avoid anyone tampering with the evidence. The examiner must use state-of-the-art forensic tools. Be able to determine if a forensic examination is necessary,
the scope of the examination, and if the examination will aide in your case.
This should include only members of the investigative unit or law enforcement.
All distinguishing characteristics of the media such as make, model and serial number of the computer should be included on the document. If the computer was on, A picture of what was on the screen and the surrounding area should be photographed..
The second reason involves missing possible valuable information. A simple example of why expertise is needed to preview evidence:
A trained examiner understands that there are legal constraints, i.e., search warrant, who owns the computer individual or company, proving who was sitting behind the computer, what is the computer attached to, such as system, or device. Avoid spoilage of evidence
Why does it matter how you shutdown the computers during an investigation?
Conclusion
Successfully recovering any form of data is a cooperative effort between lawyers and technical experts. The lawyer needs to understand the process. get authorization to access the data and supporting information to assist the investigator in narrowing the scope of the investigation. The technical experts need to examine the data while preserving the Chain of Custody and following best practice to authenticate what will be presented at the outcome of the investigation.