Some important steps in the process of collecting digital evidence from the time you are called to assist and the time when you have to testify are: identifying evidence, collecting evidence, preserving evidence, analyzing evidence and presenting evidence (Solomon et. al, 2011, Loc 2332).
One of the first steps in identifying evidence is understanding the purpose of the investigation. This knowledge will help you to decide what evidence you will need based on the type of case you’re participating in. A critical part of identifying evidence if it is a criminal investigation would be to know what is allowed on the search warrant. As the Computer Forensics Jumpstart we are using for our textbook, seldom is “take everything” allowed (Solomon et. al, 2011, Loc 2332).
Even if the investigation does not involve a search warrant, care must be taken to operate within legal guidelines because ANY investigation may “end up as prime evidence for lawsuits in the future” (Solomon et. al, 2011, Loc 2341).
The second step in identifying the evidence is to take a look around. Perform a site survey (Solomon et. al, 2011, Loc 2351).
Take pictures, make notes, sketch the area and make sure you have enough information to describe the area in detail should you need at some future date (Solomon et. al, 2011, 2361).
Take note of what you see and what you think it means. You will look at the usual laptop or computer and at the hard drive and other portable storage devices of course, but remember to look beyond the obvious. The textbook uses the example of seeing a high-speed scanner and a credit card reader (Solomon et. al, 2011, Loc 2389) and thinking about what possibilities these items would be used for.
The Essay on Crime Scene Investigation
Physical evidence comes in all shapes and sizes, and there are multiple search patterns that are used to identify evidence. These patterns include line/strip search (used by one or two investigators who walk in straight lines across the crime scene) this method is best used in scenes where the boundaries are well established because the boundaries dictate the beginning and end of the search lines, ...