Digital Evidence

Evidence acquisition should be performed to ensure that it will withstand legal proceedings. Key criteria for handling such evidence are outlined below:

Digital evidence must be handled in a way to preserve the original state of the data as closely as possible. Often, just looking at the data, e.g. an email or image, can alter information about that evidence on the storage device. Digital evidence specialists have the means to carefully extract data in such a way that does not alter the data.

Careful attention and specific procedures are required if the physical state of the data storage device is damaged or compromised in any way.

Special circumstances may be necessary for active situations. For example, a virus reformatting a hard drive will need to be shut down immediately to preserve data.

All artifacts, physical and/or digital should be collected, retained and transferred using a standardized policy with a log including information such as time, date, who collected the data, and locations it has been transferred to, and who has analyzed the data.

Data access and storage should be limited to authorized individuals only.

Range of Issues:

Digital Evidence

Accounting & Medical Billing Systems

Accounting System Forensics

Black Box / EDR Forensics

Computer Forensics

Digital Camera Forensics

Digital Photo Forensics

Digital Copier Forensics

Document & Spreadsheet Forensics

Electronic Device Forensics

Electronic Medical Record Forensics

Email System Forensics

File Date Forensics

GPS Forensics Services

Metadata Forensics

Omnitracs Forensics

Printer & Fax Machine Forensics

Experts on this topic...

Navigate

Connect With Us

Company

Search