What do you consider to be the 3 most important computer-related forensics procedures necessary in processing evidence at the scene of a crime, and provide your reasoning of why these are the most important procedures.
What do you consider to be the most important aspect of how a financial investigator must secure digital evidence to help in the prosecution of offenders, and why this process is important?
How would omitting one of these forensic procedures negatively affect either the investigation or prosecution process?
What is a possible oversight that could occur during the collection and identification of digital evidence process, and what is one way to overcome such an oversight?
The 3 most important computer-related forensics procedures necessary in processing evidence at the scene of a crime:
1. Obtain warrant. Regardless it is computer-related or physical crime scene, in order for evidence to be admissible in a court of law it must be legally obtained.
2. Document the crime scene in detail. This provides evidence obtained was untainted. It should remain unchanged from its original and its authenticity.
3. Preserve the evidence. The evidence must be preserved as close as possible to its original state. Any changes made during this phase must be documented and justified. Also, all procedures used in the examination should be audible, that is, a suitably qualified independent expert appointed by the other side of a case should be able to track all the investigations carried out by the prosecution's experts.
The most important aspect of how a financial investigator must secure digital evidence would be to preserve the evidence ...