The first step is to send a preservation of evidence letter. This entails putting all parties on notice that electronic evidence will be sought. This is important since the data stored on computers change each time a user loads a new program, saves a file, or does nearly anything on a computer. The second step is to gather backup tapes. This is a call for the provision of full backups that were made weekly and monthly (Balkin et al., 2017). This step is vital because backup tapes are one of the most fertile evidence sources. The next entails gathering the diskettes. Files and essential documents may also be saved in disks by users. Therefore, diskettes are critical because they are excellent sources of evidence. The fourth step involves asking each witness about computer usage. This is essential as it will lead to the revelation of data not disclosed by other methods (Pearson & Watson, 2017). The last step is to protect the chain of custody. This requires tracking evidence from its source to what is provided in court. Tracking is crucial since it ensures that evidence is not tampered with.
Upon entering the room where the computer was located, I took custody of the whole computer, encompassing floppy diskettes, and other removable media. I then went on to identify disk regions that may have evidence. Notably, evidence in a majority of computer forensic investigations lies in the user’s emails, internet history, documents, and any downloaded illegal images (Sremack, 2015). Therefore, I applied the use the Sifting Collectors application software. This software images only those areas of a disk that may contain artifacts, data, and other evidence.
After seizing the computer evidence, I then took my time to analyze it. This entailed tying it up to the digital crime. As such, I examined each item of evidence and established its relevance to the case at hand. I retained pertinent evidence and got rid of irrelevant evidence. I then drew up conclusions based on the relevant evidence found. I finished this process by writing a report.
Balkin, J., Grimmelmann, J., Katz, E., Kozlovski, N., Wagman, S., & Zarsky, T. (2017). Cybercrime: Digital cops in a networked environment. NYU Press.
Pearson, S., & Watson, R. (2017). Digital triage forensics: Processing the digital crime scene. Syngress.
Sremack, J. (2015). Big data forensics – Learning Hadoop investigations. Packt Publishing.