As a digital forensic investigator, I was assigned to a case where my expertise where needed. My role in the investigation was to search the suspects digital evidence to help find more helpful information and advance the case. Overall my job as a digital forensic investigator was to recover and analyse the digital evidence so that it could be used in the criminal prosecution. Approach to Case My method of investigating a case was using a systematic approach as this is the accepted procedure to follow. The first item on the agenda was to determine what sort of case I was dealing with. The case involved a manufacturer of consumer healthcare products. The case started when the manufacturer received multiple complaints in regards to unsavory …show more content…
If important data is lost, then the entire case can be put into jeopardy and question my ability as the investigator. The use of anti-forensics tools which overwrite, destroy or modify files by the culprits could hinder the investigation, so the threat of this risk must be taken into account. The loss or damage of the physical evidence from which the data was recovered is also an important risk to consider. There is potential for a failure of the hardware involved - this may be the evidence, or even hardware in the computer forensics lab. Legal issues could arise if the opposition believe that my job was done unprofessionally or if I have been biased in favour of the prosecution[7]. Minimizing risks is essential after the identification of the potential risks. Minimizing The Risks It was important that I did everything I could to reduce the risks involved before I proceeded any further. Here are the ways I minimized the risks during this investigation: Preserved evidence securely Documented all findings Maintain chain of custody [5] Stayed with the structured checklist Followed the standardized approach Create backups for all evidence Work off copies of evidence Keep an unbiased view …show more content…
My objective at this stage is to find evidence that will help progress the investigation and potentially lead to further clarity on all aspects of the case. As a well trained professional it is my job to find all the answers to questions I am asking to myself and these questions would include: What type of data in particular am I looking for? Where would the potential data be stored? Is there any deleted documents sill stored on the disk? In the cell phones, fax machines and the telephone and voicemail systems yielded little new digital evidence that was relevant to the case. The involvement of the equipment itself however, meant that there was a sophisticated communication system used between the locations. The computers however had a different story. Overall, there were 30 computers that needed to be investigated that were found at the 5 crime scenes. Most of the computers, 25 to be precise yielded some evidence such as product logging details, client lists and sales reports, all of which were found on the computers without the need for forensic tools. The most important and interesting evidence came from 5 of the computers, 1 at each scene. These computers were separated from the others in an office - more than likely a designated office for the manager of