Handling and Storing Digital Evidence in a Forensic Investigation
Research best practices in handling and storing digital evidence:
Using your preferred Internet browser, perform a search for best practices in handling and storing digital evidence in a forensic investigation. Focus specifically on removable media.
Using at least three credible references, prepare a one page summary of your findings, document your sources.
Handling and Storing Digital Evidence in a Forensic Investigation
Today every jurisdiction uses different ways of handling digital evidenc. Evidence handling ensures that sensitive and vital information collected during investigation remains confidential (Mohammed, 2019). Evidence handling done in forensic laboratory uses the required technologies, including removable media. Digital data is fragile and needs proper handling forensic which involves four phases, identification, collection, acquisition, and preservation, or storage. Identification Helps investigators carry out surveillance through understanding the nature of crime and its occurrence.
Surveillance uses digital malware to gather information; for instance, the use of network investigation techniques. Digital evidence can be found in smartphones, home appliances, flash drives, and so on. The collection of digital evidence begins by documenting the investigation process by taking photographs and recording videos. The digital proof is duplicated and stored in a duplicate disk (Tun, et, al., 2016). Assortment depends on the type of digital evidence; for instance, the collection of mobile evidence is through application framework, android file system, libraries, or the Linux kernel. Data from live systems is obtained through the use of commands; for instance, UNIX operating systems use ifconfig power, and windows operating systems use the ipconfig command. After collecting the digital evidence, the gadget is packaged and transported securely.
Preservation of digital evidence follows after collection and acquisition, where the secure process information collected from modification and loss (Mitchell,et, al., 2018). Preservation of evidence is done through a chain of custody by following the chronology of events from identification. Evidence is marked with a unique code then stored in magnetic media such as the floppy disk and the zip disk, although going through space issues. Optical media are used too, such as CDs and DVDs. The solid-state press is the most commonly used removable devices, especially the USB flash drive compared to floppy disks.However, the flash drive and hard drives hold digital evidence securely and stores massive data and are easy to use during the transfer of data, unlike the magnetic and optical media.
References
Mitchell, I., Ferriera, J., Anandaraja, T., & Hara, S. (2018). DaP∀: Deconstruct and preserve for all: a procedure for the preservation of digital evidence on solid state drives and traditional storage media. In Cyber Criminology (pp. 275-287). Springer, Cham.
Mohammed, A. A. (2019). Digital Evidence and Best Evidence Rule Legal-Technological Approach headed for Digital Evidence Admissibility Review. Journal of Engineering and Computer Science (JECS), 19(2), 1-9.
Tun, T., Price, B., Bandara, A., Yu, Y., & Nuseibeh, B. (2016, September). Verifiable limited disclosure: reporting and handling digital evidence in police investigations. In 2016 IEEE 24th International Requirements Engineering Conference Workshops (REW) (pp. 102-105). IEEE.
