Steps to Take in a Computer Forensics Investigation

By Linda Volonino, Reynaldo Anzaldua

Part of Computer Forensics For Dummies Cheat Sheet

Computer forensics is a meticulous practice. When a crime involving electronics is suspected, a computer forensics investigator takes each of the following steps to reach — hopefully — a successful conclusion:

  1. Obtain authorization to search and seize.

  2. Secure the area, which may be a crime scene.

  3. Document the chain of custody of every item that was seized.

  4. Bag, tag, and safely transport the equipment and e-evidence.

  5. Acquire the e-evidence from the equipment by using forensically sound methods and tools to create a forensic image of the e-evidence.

    Keep the original material in a safe, secured location.

  6. Design your strategy for reviewing the e-evidence, including lists of keywords and search terms.

  7. Examine and analyze forensic images of the e-evidence (never the original!) according to your strategy.

  8. Interpret and draw inferences based on facts gathered from the e-evidence. Check your work.

  9. Describe your analysis and findings in an easy-to-understand and clearly written report.

  10. Give testimony under oath in a deposition or courtroom.
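Steps 5 through 7 can be sketched in code. This is an added example, not taken from the book or its authors: a plain file stands in for the seized media, and the work is done on a verified copy. It assumes SHA-256 comparison as the integrity check (the list above does not name one), and the file names, keywords and sample bytes are constructed for illustration.

```python
import hashlib, mmap, os, shutil, tempfile

def sha256_file(path, chunk=1 << 20):
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):  # chunked: image need not fit in RAM
            h.update(block)
    return h.hexdigest()

def acquire(source, image):
    """Step 5: copy source to image, mark the copy read-only, verify it."""
    source_hash = sha256_file(source)
    with open(source, "rb") as src, open(image, "wb") as dst:
        shutil.copyfileobj(src, dst)
    os.chmod(image, 0o444)
    if sha256_file(image) != source_hash:
        raise ValueError("image does not match source")
    return source_hash

def search_image(image, acquisition_hash, keywords):
    """Steps 6-7: case-sensitive keyword search of the image, hash-checked before and after."""
    if sha256_file(image) != acquisition_hash:
        raise ValueError("image differs from acquisition hash")
    hits = []
    with open(image, "rb") as f, mmap.mmap(f.fileno(), 0, access=mmap.ACCESS_READ) as m:
        for kw in keywords:
            pos = m.find(kw.encode())
            while pos != -1:
                hits.append((kw, pos))          # keyword and its byte offset in the image
                pos = m.find(kw.encode(), pos + 1)
    if sha256_file(image) != acquisition_hash:
        raise ValueError("image changed during examination")
    return sorted(hits, key=lambda hit: hit[1])

def demo(tamper=False):
    # Constructed sample "device": filler bytes with two planted strings.
    data = b"\x00" * 512 + b"invoice_2021.xls" + b"\xff" * 100 + b"wire transfer" + b"\x00" * 64
    with tempfile.TemporaryDirectory() as d:
        src, img = os.path.join(d, "original.bin"), os.path.join(d, "image.dd")
        with open(src, "wb") as f:
            f.write(data)
        digest = acquire(src, img)
        if tamper:                               # simulate an altered working copy
            os.chmod(img, 0o644)
            with open(img, "r+b") as f:
                f.write(b"X")
        return search_image(img, digest, ["invoice", "wire transfer"])

if __name__ == "__main__":
    print(demo())
```

Recording the acquisition hash alongside the chain-of-custody entry for the item lets anyone later confirm that the image examined is the one that was acquired.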