How To Properly Conduct A Successful Computer Forensic Investigation

873 Words4 Pages

As a security director for this large corporation, I understand that there are certain procedures that need to be followed in order to properly conduct a successful computer forensic investigation. The most important thing is to ensure that the chain of custody is maintained for any computer evidence found or recovered. From the moment you take possession of the evidence until the time the evidence is presented in a court of law you must be able prove who had possession of the evidence, when they had it and where the evidence was stored. Whenever evidence is found during a computer forensic investigation there are some simple steps that should be followed to ensure the evidence is preserved and usable in court. The first thing that a good investigator will do would be to take photographs of the subject’s computer and then take several other photos of the crime scene. If the suspected computer is off the investigator should not power that PC on. If the computer happens to be on the investigator …show more content…

It’s also important to make sure all documentation, instruction manuals and notes are collected. It is also best practice to document all of the steps that were used during the seizure. If all of the steps are followed, the evidence should be admissible when it’s time to present same in a court of law.
The investigator should always remember to tag all of the evidence when seizing hardware. The evidence tag should contain at least the date and time, the name of the investigator, there the item was found, any other facts that could be relevant, and all other information your name, the case number, where you found the item, and other facts relevant to the case. The final step would be giving the evidence to an evidence custodian after you tag and bag the evidence. (SANS,