Your text focuses on the techniques and tools you would use to collect, preserve, and analyze digital evidence. While this does not focus as heavily on the highly technical aspects of digital forensics (e.g., using the tools, techniques, and processes to collect, preserve, and analyze digital evidence), it does stress how to be prepared for the digital evidence process as it fits into the criminal justice system.
Of course, it is critical that computer forensic examiners understand processes such as capturing volatile data, recognizing and collecting digital evidence, analyzing the evidence once it is collected, etc.; however, what I want you to focus on this week is why and how processes designed to identify, seize, collect, preserve, and analyze digital evidence relate to the criminal justice process.
You should all understand the need to verify what a warrant will allow you to search for and seize in a criminal case (ensuring that you do not exceed the scope and potentially compromise your case). You should also be aware of what a company’s policy or an organization’s leadership will allow you to do in a non-criminal justice investigation. In either case, you need to be able to testify about all the steps you took, from the point when you were first notified of the incident or called in to collect the digital evidence, until the time you are called to testify about it. Digital evidence must not simply be collected (e.g., picked up and put in a bag); procedures must be put in place to preserve the evidence so the defense cannot raise reasonable doubt (in a criminal case) about the integrity or provenance of the evidence.
1. Describe at least 5 steps that you consider important in the process that runs from collecting digital evidence to the time you testify. Please explain why they are important.
2. You are a witness and I am asking the following question. Please answer as if you are on the witness stand. Upon entering the room where the computer was located, what was the first thing you did?
3. After seizing the computer evidence, what did you do with it?
PLEASE DO NOT WRITE "THE PERSON" OR "THE DETECTIVE" LIKE YOU DID IN THE LAST PAPER. THE WRITER MUST WRITE WITH "I" BECAUSE THESE QUESTIONS WERE DIRECTED TO YOU, NOT THE PERSON OR DETECTIVE.