Documente Academic
Documente Profesional
Documente Cultură
FORENSICS
IDENTIFICATION:
In this process, identification of things like whether any evidence is
present, how it is stored, where it is stored and which operating system is
used for it. By accessing this information, the tools, appropriate recovery
methodologies used are easily identified by the investigator.
PRESERVATION:
Here in this step, the preservation of integrity of digital evidence and
ensuring custody chain is not broken. Using reproducible methodologies,
the data has to be preserved (copied) on stable media like CD-ROM.
Documentation of all steps taken to capture the data must happen. If
there are any changes to the evidence then they should be documented,
including about the change and why it was changed. In the court of law,
you may need to prove integrity.
ANALYSIS:
In the analysis step, reviewing and examining the data should be there.
The major use of it is maintaining the integrity whilst examining the
changes by copying this data onto CD-ROM.
PRESENTATION:
In this process the evidence is presented in a legally acceptable and
understandable manner. This process plays a major role when the jury
who may have least computer experience, can understand well when
presented reflects originality.
CRIMINAL PROSECUTION:
Prosecutors can use computer evidence to establish crimes such
as homicides, drug and false record-keeping, financial frauds, and
child pornography in the court of law.
CIVIL LITIGATION: