• Basic steps of conducting a computer forensic examination: Policy and procedure development Evidence assessment Evidence acquisition Evidence examination Documenting and reporting
A typical computer/ digital forensic investigation involves three main stages and every stage has some basic steps that is to be followed before proceeding to the next step. Let us take a look at these three stages of computer forensic investigation in detail.
The crime reconstruction phase is the process of reconstructing events or actions that happened, according to the evidence recovered. As investigators find more evidence, many incorrect hypotheses will unproven, while one (or, at most, a few) will become more and more plausible, and can eventually be proven entirely.
The second step, which is collection and preservation, are strict set of procedures with guidelines that must be followed. It involves a variety of measures to preserve the state of the crime scene as much as possible, and limit the destruction of potential evidence.
Identification – the first stage identifies potential sources of relevant evidence/information (devices) as well as key custodians and location of data.
The first digital forensic process model proposed contains four steps: Acquisition, Identification, Evaluation and Admission. Since then, numerous process models have been proposed to explain the steps of identifying, acquiring, analysing, storage, and reporting on the evidence obtained from various digital devices.
This model was the base fundament of further enhancement since it was very consistent and standardized, the phases namely: Identification, Preservation, Collection, Examination, Analysis and Presentation (then a pseudo additional step: Decision).
Acquisition (without altering or damaging), Authentication (that recovered evidence is the exact copy of the original data), and Analysis (without modifying) are the three main steps of computer forensic investigations.
Process of Digital forensics includes 1) Identification, 2) Preservation, 3) Analysis, 4) Documentation and, 5) Presentation.
Forensics: 12 steps of processing a crime scene.
These include collection, analysis, theory development and validation, suspect identification and forming reasonable grounds, and taking action to arrest, search, and lay charges. In any case, as unpredictable as criminal events may be, the results police investigators aim for are always the same.
A proper investigation must:Gather information.Search for and establish facts.Isolate essential contributing factors.Find root causes.Determine corrective actions.Implement corrective actions.
The process is predominantly used in computer and mobile forensic investigations and consists of three steps: acquisition, analysis and reporting.
The guide recommends a four-step process for digital forensics: (1) identify, acquire and protect data related to a specific event; (2) process the collected data and extract relevant pieces of information from it; (3) analyze the extracted data to derive additional useful information; and (4) report the results of the ...
Phase III – Collect the Evidence After the search and seizure phase, professionals use the acquired devices to collect data. They have well-defined forensic methods for evidence handling.
Traditional forensic analysis methods include the following: Chromatography, spectroscopy, hair and fiber analysis, and serology (such as DNA examination) Pathology, anthropology, odontology, toxicology, structural engineering, and examination of questionable documents.