Evidence Collection Policy

Evidence Collection Policy

During the process of collecting digital evidence, the investigator will ensure that the data remains intact and unaltered. For later proof that evidence hasn't been tampered with, they will calculate and record a cryptographic hash of an evidence file, to be compared to the original as proof that the evidence has not been modified. He will further assure the integrity of digital evidence by imaging computer media with a write blocking tool, establishing a chain of custody and documenting everything done to the evidence. He will examine a computer's RAM for evidence prior to powering it down, as some digital evidence may be stored only in the RAM and will be lost after the computer is turned off. It is easily copied and modified, but not easily kept in its original state: an electromagnetic record is stored in a computer system in the binary form—0 o. The copied object is exactly the same as the original one, but it is also convenient to precede Computer Forensics Procedures, Tools, and Digital Evidence Bags 4 with user modifications. As a result, it is difficult to retain digital evidence in its original status. Confirmation of the original digital source is, therefore, susceptible to doubt. Its source and integrity is not easy to prove: it is very easy to produce an electromagnetic record, so it is also very easy for it to be copied or modified. This makes it very difficult to directly infer the relationship between the evidence obtained and the suspects. That is to say, it is almost impossible to achieve “individualization”, unlike the highly efficient methods of fingerprinting or deoxyribonucleic acid (DNA), used to authenticate evidence. Accordingly, it is very difficult to prove whether the evidence has been changed, based on the observation of easy modification of electromagnetic records. The presentation of digital information cannot be well perceived by human senses. This is because the electronic record has been electromagnetically recorded and stored...

Similar Essays