Four General Evidence Processing Guidelines
Jennifer Farmer
American InterContinental University
Abstract
The best way to preserve digital forensic evidence is to follow the four guidelines created for that purpose. The four guidelines pertain to evidence collection, storage, processing, retrieval and documentation.
Four General Evidence Processing Guidelines
Digital forensic evidence is extremely fragile and should be handled with care in order to avoid alteration, which is why guidelines and procedures are created. There are four guidelines that should be followed in order to keep evidence in its most original state.
Guideline One
Digital evidence is not readable; however, a printout can be submitted as evidence under the "best evidence rule". The best evidence rule applies when a person wants to submit a copy of a document because the original document is unavailable (Nolo Dictionary, 2011).
**Collection** Any and all investigating officers should keep this in mind and should have a warrant bearing the proper wording and language that adheres to search and seizure of a personal computer, in order to avoid violating any privacy rights. First, the officer should check whether the computer is on or off. If the officer finds that the computer is not on, he or she should not turn it on, because the evidence must not be altered; however, if the officer finds the computer on, then the officer should photograph the screen, even if the screen is in sleep mode. Once the computer is photographed, the power should be disconnected. In other words, the modem should be drained of power by unplugging it. Next, the officer should be sure to insert a police disc into the CD or DVD drive; bear in mind that the disc should be blank, and after inserting it the drive should be sealed. All other hardware connected to the system should be photographed in order to have a record of how the system was
References:
Ashcroft, Daniels & Hart, (2004), Examination of Digital Evidence: A Guide for Law Enforcement, retrieved from http://www.ncjrs.gov/pdffiles1/nij/199408.pdf
Civil action Group, (2006), 2006 Federal Rules of Civil Procedure Impact upon Digital Evidence, retrieved from http://www.aps-international.com/index.php?pr=LCFS_Auth
Daniels, L. (n.d.), Digital Forensics, retrieved from http://www.ncids.org/Defender%20Training/2006%20Investigators%20Conference/Computer%20Forensics%20Prsentation.pdf
File Slack, (2008), retrieved from http://www.forensics-intl.com/def6.html
Indiana University Information Technology Services, (2010), In Windows, what is a swap file?, retrieved from https://kb.iu.edu/data/ahbb.html
King, Bertram & Whiten, (n.d.), Procedures for Obtaining and Managing Computer and Electronic Evidence, retrieved from http://docs.google.com/viewer?a=v&q=cache:z8IhtYAbit0J:personal.georgiasouthern.edu/~cwhiten/portfolio/Forensics.docx+four+general+evidence+processing+guidelines+to+ensure+investigators+understand+the+steps+of+processing+computer+evidence&hl=en&gl=us&pid=bl&srcid=ADGEESjayTtvuT4l7sOi92KZgCokUGrP0HXyh1jrhgyUhhnVHo3GCB9Ekx0VXDqvMA7A3vkA167W2KieePNSh3ueaLLM7sRu-9B5rNoJoYzNw7gNJB5BTuD6dB6UuFZP0sFYvLKC84Kq&sig=AHIEtbQ3cQC6HRYQ-LsDAen85jC5jNG7TA
Nolo Dictionary, (2011), Best Evidence Rule, retrieved from http://www.nolo.com/dictionary/best-evidence-rule-term.html