Disclaimer: This work has been submitted by a student.This is not an example of the work produced by our Essay Writing Service.Always look for information related to the investigation such as passwords, PINs, passphrases, bank accounts and so on.
Further guidelines include on bagging and tagging the evidence which is done as follows, first assign a person to collect (and log) the evidence, then tag all the evidence which is collected with the present date/time, serial number or other features.
Always keep two separate and different logs of evidence collected an keep control of the evidence at the crime scene.
Investigating and taking control of the computer incident scene in the corporate environment is considered to be much easier than in the criminal environment because the incident scene is often the workplace, these workplaces have databases of computer hardware and software which can also be analyzed, proper tools can be adopted to analyze a policy violation if any.
Many companies either state their policy right away or show some warning, some apply both whose purpose is to tell that they hold the complete right to inspect the computing assets of their respective subjects at will, in addition to that every company must describe when an investigation can be initiated and allow the corporate investigators to know that under what circumstances they can examine the computer of an employee, if the investigator finds about the wrongdoing of the employee then the company can file a criminal complaint against him.
Try the very best to save the data from the current applications as much safe as possible, properly record all active windows or other shell sessions, and photograph the scene.
Also make notes of everything that is done even when copying the data from a live computer of a suspect, save open files to external storage medium such as a hard drive or on a network share (if somehow the saving mentioned is causing problems then save with some new titles), then close applications and shut down the computer.
The crime scene is considered to be a very sensitive place in terms of collecting proofs and evidences which are in many cases very vulnerable and can be very easily be manipulated so special attention is needed in every aspect of recovery methods in order to gain as much as possible.
Before arriving at the scene of crime, it is mandatory that you should always take a systematic approach in problem solving like making an initial assessment about the case then determining a preliminary approach to the case, after that, create a detailed checklist of the objectivity of the case, analyze the resources needed, identify all the risks and try the very best to minimize them, also outline all the details known about the case until then in a systematic manner such as the situation in which you will be arriving, the nature and specifics of the case, the type of computer forensic tools which will be needed at the case and to check on the specific operating systems in disposal which assist in the forensics investigation process.
The Computer Forensics Investigation Plan A computer forensic investigates data that can be retrieved form storage media of a computer such as a hard disk, it is also considered that to be a successful computer forensic the knowledge of many different platforms to perform computing is a must, for our case we will consider you as the chief forensic investigator in the state of Virginia, as a part of private enterprise you are assigned the role of planning the computer investigation of a suspected criminal activity, we will see from your perspective how you should conduct all the necessary procedures.
We don’t just need science; we need good science (Evans, 2004) Always analyze major issues in preparing for an investigation.