
7 Handling a Digital Crime Scene

Dr. John P. Abraham, Professor, UTPA


Presentation Transcript


  1. 7 Handling a Digital Crime Scene. Dr. John P. Abraham, Professor, UTPA

  2. Introduction
     • GOAL: Sequestered environment where
         • All contents are mapped and recorded
         • Accompanying photographs and basic diagrams show areas and items
         • Evidence is frozen in place
     • This chapter deals with handling individual computers as a source of evidence.
     • US Department of Justice and Secret Service
         • Electronic Crime Scene Investigation
         • Best Practices for Seizing Electronic Evidence
         • Guide for first responders
     • Also the Good Practice Guide for Computer Based Evidence by the Association of Chief Police Officers (ACPO)

  3. Major principles
     • No action taken should change data held on a computer or storage media.
     • Anyone accessing the computer must be competent in cyber forensics.
     • An audit trail or other record of all processes applied to electronic evidence must be kept.
     • The person in charge of the overall case has the responsibility of ensuring that the law and these principles are adhered to.

  4. Authorization
     • Obtain written authorizations and instructions from attorneys.
     • Access to a private or personal computer would require a warrant unless an employee agrees to the search.
     • A workplace computer may not require a warrant.
     • Digital investigators are generally authorized to collect and examine only what is directly pertinent to the investigation.

  5. Preparing to handle digital crime scenes
     • Make diagrams and have a plan as to what to examine.
     • Decide what type of tools should be brought to the scene.
     • Bring a questionnaire to interview individuals at the crime scene.

  6. Surveying the Digital Crime Scene
     • Look at laptops and handheld devices
     • Digital video recorders (DVRs)
     • Gaming systems
     • External hard drives
     • Digital cameras
     • DVDs
     • Look for installation disks that give clues
     • Network configurations: look for remote machines in the facility or outside.

  7. Preserving the Digital Crime Scene
     • Control entry points: secure the crime scene.
     • Save biometric access system data and video recordings.
     • Save network-level logs (copy).
     • Preserve all backup media; do not overwrite backup media.
     • Preserve emails on the servers.
     • Keyboards may have fingerprints.

  8. Preserving data on live systems
     • The contents of volatile memory, such as a note being written, must be obtained.
     • Record which account certain processes are running under.
     • Capture information related to active processes and network connections.

  9. Shutting down
     • Remove power from the back of the machine.
     • Open the case and remove power to the hard drives.
     • Check for missing parts.
     • Check for explosives.
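
The first and third major principles (slide 3) can be enforced together in software. The following is an added example, not part of the original presentation: a hash-chained audit trail that records each action applied to an evidence file and flags any action after which the evidence hash no longer matches the acquisition hash. The examiner names, the action strings and the `image.dd` file are constructed placeholders.

```python
import hashlib, json, tempfile
from datetime import datetime, timezone
from pathlib import Path

def sha256_file(path, chunk=1 << 20):
    """Hash the evidence in chunks, opened read-only, so large images fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()

def entry_digest(entry):
    """Digest of every field except the stored digest itself."""
    body = {k: v for k, v in entry.items() if k != "entry_hash"}
    return hashlib.sha256(json.dumps(body, sort_keys=True).encode()).hexdigest()

def record_action(log, examiner, action, evidence_path):
    """Append one audit entry; each entry commits to the one before it."""
    entry = {
        "time": datetime.now(timezone.utc).isoformat(),
        "examiner": examiner, "action": action,
        "evidence_sha256": sha256_file(evidence_path),
        "prev": log[-1]["entry_hash"] if log else "0" * 64,
    }
    entry["entry_hash"] = entry_digest(entry)
    log.append(entry)

def verify(log):
    """Return a list of problems: edited audit records or changed evidence."""
    problems, prev = [], "0" * 64
    for i, e in enumerate(log):
        if e["prev"] != prev or e["entry_hash"] != entry_digest(e):
            problems.append(f"entry {i}: audit record altered or out of order")
        if e["evidence_sha256"] != log[0]["evidence_sha256"]:
            problems.append(f"entry {i}: evidence hash differs from acquisition")
        prev = e["entry_hash"]
    return problems

def demo():
    with tempfile.TemporaryDirectory() as d:
        img = Path(d, "image.dd")  # constructed sample standing in for a disk image
        img.write_bytes(b"constructed sample evidence")
        log = []
        record_action(log, "examiner-a", "acquired image", img)
        record_action(log, "examiner-a", "keyword search, read-only", img)
        clean = verify(log)
        img.write_bytes(img.read_bytes() + b"!")  # an action that changed the data
        record_action(log, "examiner-b", "opened in editor", img)
        return clean, verify(log), log
```

The chain is only tamper-evident if the latest `entry_hash` is also written somewhere the examiner cannot rewrite, such as the signed case notes.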
