cyber_Evidence collection steps: 1. Identification 2. Preservation 3. Examination 4. Analysis 5. Reporting

myguestemailnew 19 views 8 slides Aug 28, 2024

About This Presentation

Evidence collection steps:
1. Identification
2. Preservation
3. Examination
4. Analysis
5. Reporting


Slide Content

CONTENTS

Introduction

Collection steps:
1. Identification
2. Preservation
3. Examination
4. Analysis
5. Reporting

Conclusion

INTRODUCTION

WHAT IS EVIDENCE?
- physical object --> collected at a crime scene --> presented in court
- can be physical: fingerprints, DNA, weapons, or documents
- can be digital: emails, computer files, or social media posts

WHAT IS DIGITAL EVIDENCE?
- electronic data --> from electronic devices and digital sources
- it is important to ensure its integrity and admissibility in court

COLLECTION STEPS
- Identification, Preservation, Examination, Analysis, and Reporting

1. IDENTIFICATION

Potential digital evidence is recognised and documented.

Identify the scope of the investigation and determine which types of evidence are relevant to the case.

Best practices for this stage:
1. Maintaining a chain of custody
  - vital to document every step taken
  - use forensic tools to capture and log relevant information
2. Verifying legal authority
  - processes should be in place to ensure that your identification is conducted within the boundaries of legal authority
  - obtain the necessary authorisation and adhere to legal procedures
  - document the legal basis for the investigation

2. PRESERVATION

Preserve the evidence to prevent any alterations or tampering.

This maintains the integrity and admissibility of the evidence in court.

If evidence is spoliated or tampered with --> detrimental to your case.

Best practices of this stage:
1. Forensic images
  - assist in the event of lost or tampered data
  - make exact copies (forensic images) of the original data
  - use validated tools to ensure the integrity of the copies
2. Write-blocking
  - hardware or software --> prevents any modifications to the original media
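The preservation practices above (forensic image, validated tool, write-blocking) and the chain-of-custody logging from the identification stage, shown together as an added Python example; this is not code from the slides. The script hashes the source, copies it byte for byte, re-hashes the copy, makes the copy read-only as a software write-block, and appends one custody entry per action. The file names, the examiner identifier `EX-01` and the sample data are constructed placeholders:

```python
import hashlib
import json
import os
import shutil
import tempfile
from datetime import datetime, timezone

CHUNK = 1 << 20  # hash 1 MiB at a time so large images do not fill memory


def sha256_file(path):
    """Return the SHA-256 hex digest of a file, read in chunks."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(CHUNK), b""):
            h.update(chunk)
    return h.hexdigest()


def acquire_image(source, dest, custody_log, examiner):
    """Copy source byte-for-byte to dest, verify the copy, log the action.

    The source is hashed before copying and the image after; a mismatch
    means the image must not be used as working evidence. The custody
    entry is appended as one JSON line. Returns (source_hash, image_hash).
    """
    before = sha256_file(source)
    shutil.copyfile(source, dest)
    after = sha256_file(dest)
    os.chmod(dest, 0o444)  # read-only working copy: a software write-block
    entry = {
        "time_utc": datetime.now(timezone.utc).isoformat(),
        "action": "acquire_image",
        "examiner": examiner,  # placeholder identifier in the demo
        "source": source,
        "image": dest,
        "sha256_source": before,
        "sha256_image": after,
        "verified": before == after,
    }
    with open(custody_log, "a") as log:
        log.write(json.dumps(entry) + "\n")
    if before != after:
        raise RuntimeError("image hash does not match source; acquisition failed")
    return before, after


def verify_image(image, expected_sha256):
    """Re-hash a preserved image later and confirm it is unchanged."""
    return sha256_file(image) == expected_sha256


def demo():
    """Acquire a constructed 'evidence' file and show a tampered copy failing."""
    workdir = tempfile.mkdtemp()
    source = os.path.join(workdir, "suspect_usb.bin")  # constructed sample
    image = os.path.join(workdir, "suspect_usb.img")   # placeholder name
    log = os.path.join(workdir, "custody.jsonl")
    try:
        with open(source, "wb") as f:
            f.write(b"constructed file-system bytes for the example\n" * 1000)
        src_hash, img_hash = acquire_image(source, image, log, examiner="EX-01")
        image_intact = verify_image(image, src_hash)
        # Flip one byte in a second copy to show the verification failing.
        tampered = os.path.join(workdir, "tampered.img")
        shutil.copyfile(image, tampered)
        with open(tampered, "r+b") as f:
            f.seek(10)
            f.write(b"X")
        with open(log) as f:
            entries = [json.loads(line) for line in f]
        return {
            "hashes_match": src_hash == img_hash,
            "image_intact": image_intact,
            "tampered_detected": not verify_image(tampered, src_hash),
            "log_entries": len(entries),
            "log_verified": entries[0]["verified"],
        }
    finally:
        if os.path.exists(image):
            os.chmod(image, 0o644)  # allow cleanup of the read-only copy
        shutil.rmtree(workdir, ignore_errors=True)


if __name__ == "__main__":
    print(demo())
```

The custody log is append-only JSON lines so that every later action (re-verification, hand-over, analysis) can add its own entry with the examiner and timestamp, and the stored source hash is what a second examiner re-computes to confirm the image has not changed.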

3. EXAMINATION

A detailed review of the preserved evidence is performed.

This includes identifying and extracting relevant information.
1. Search techniques
  - help identify relevant information
  - can sometimes be cumbersome and cause those without experience in the case to miss important documents
  - other tools, such as sentiment analysis, leverage AI to search documents by analysing the language used
2. Metadata
  - data that describes data --> a digital footprint of the evidence in question
  - inconsistencies in metadata can either suggest possible spoliation or call the validity of the evidence into question
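The metadata point above, as an added Python example that is not part of the slides: it runs a few consistency checks over file records (timestamps that contradict each other, timestamps later than the acquisition, a content signature that does not match the file extension). The records, the acquisition time and the short signature table are constructed for the example; a real examination would export such records from the forensic image with a dedicated tool:

```python
from datetime import datetime

# File signatures for a few common types (constructed list, not exhaustive).
SIGNATURES = {
    "jpg": (b"\xff\xd8\xff",),
    "png": (b"\x89PNG\r\n\x1a\n",),
    "pdf": (b"%PDF-",),
    "zip": (b"PK\x03\x04",),
    "docx": (b"PK\x03\x04",),
}

ACQUIRED_AT = datetime(2024, 8, 20, 9, 0, 0)  # constructed acquisition time


def parse_ts(s):
    return datetime.strptime(s, "%Y-%m-%d %H:%M:%S")


def check_record(rec, acquired_at=ACQUIRED_AT):
    """Return a list of inconsistency descriptions for one file record."""
    issues = []
    created = parse_ts(rec["created"])
    modified = parse_ts(rec["modified"])
    accessed = parse_ts(rec["accessed"])
    if modified < created:
        issues.append("modified before created")
    if accessed < created:
        issues.append("accessed before created")
    for name, ts in (("created", created), ("modified", modified), ("accessed", accessed)):
        if ts > acquired_at:
            issues.append(f"{name} timestamp later than acquisition")
    ext = rec["name"].rsplit(".", 1)[-1].lower()
    expected = SIGNATURES.get(ext)
    if expected and not any(rec["head"].startswith(sig) for sig in expected):
        issues.append(f"content signature does not match .{ext} extension")
    return issues


def examine(records, acquired_at=ACQUIRED_AT):
    """Map each file name to its issues; files with no issues are omitted."""
    out = {}
    for rec in records:
        issues = check_record(rec, acquired_at)
        if issues:
            out[rec["name"]] = issues
    return out


# Constructed sample records; "head" holds the first bytes of the file.
SAMPLE = [
    {"name": "invoice.pdf", "created": "2024-03-01 10:00:00",
     "modified": "2024-03-02 11:30:00", "accessed": "2024-03-05 08:00:00",
     "head": b"%PDF-1.7\n"},
    {"name": "holiday.jpg", "created": "2024-04-10 12:00:00",
     "modified": "2024-04-01 09:00:00", "accessed": "2024-04-10 12:00:00",
     "head": b"\xff\xd8\xff\xe0"},            # modified before created
    {"name": "notes.jpg", "created": "2024-05-01 08:00:00",
     "modified": "2024-05-01 08:00:00", "accessed": "2024-05-01 08:00:00",
     "head": b"PK\x03\x04\x14\x00"},          # really a zip container
    {"name": "report.docx", "created": "2024-06-01 08:00:00",
     "modified": "2024-09-01 08:00:00", "accessed": "2024-06-01 08:00:00",
     "head": b"PK\x03\x04\x14\x00"},          # modified after acquisition
]

if __name__ == "__main__":
    for name, issues in examine(SAMPLE).items():
        print(name, "->", "; ".join(issues))
```

A flagged record is a lead, not a conclusion: a clock that was wrong on the original machine produces the same inconsistencies as deliberate tampering, so each finding is documented and then checked against other sources in the analysis stage.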

4. ANALYSIS

Digital forensics experts --> draw conclusions.

Create a narrative based on the relevant evidence in this step.

Best practices of this stage:
1. Evidence correlation
  - identify any relationships or correlations between different pieces of evidence
  - an essential step in building a case and a timeline of events from the batch of digital evidence that has been presented
2. Maintaining data integrity
  - do not alter original evidence, as this could endanger its validity
  - working on forensic copies or duplicated data sets can help prevent unintentional changes while analysing your digital evidence
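Evidence correlation and timeline building, as an added Python example that is not part of the slides. Three constructed sources (file-system timestamps in local time, an e-mail log in epoch seconds, a USB connection log in ISO 8601) are normalised to UTC, merged into one timeline, and then queried for what happened around an event of interest; the assumed workstation offset of UTC+2 and every event are constructed:

```python
from datetime import datetime, timedelta, timezone

# Each source records time differently; normalisation to UTC comes first.
FILESYSTEM = [  # local time, assumed UTC+2 (constructed)
    ("2024-03-02 11:30:00", "invoice.pdf modified"),
    ("2024-03-02 11:34:00", "invoice.pdf copied to E:\\"),
]
EMAIL = [  # epoch seconds, UTC (constructed): 2024-03-02 09:36:00Z
    (1709372160, "mail sent to external address with attachment invoice.pdf"),
]
USB = [  # ISO 8601 with offset (constructed)
    ("2024-03-02T09:33:10+00:00", "USB mass storage device connected"),
    ("2024-03-02T09:40:00+00:00", "USB mass storage device removed"),
]


def normalise(source_name, rows, parser):
    """Tag each (timestamp, description) row with its source, parsed to UTC."""
    return [(parser(ts), source_name, desc) for ts, desc in rows]


def build_timeline():
    """Merge all sources into one list of (utc_time, source, description)."""
    local = timezone(timedelta(hours=2))  # assumed workstation offset
    events = []
    events += normalise(
        "filesystem", FILESYSTEM,
        lambda s: datetime.strptime(s, "%Y-%m-%d %H:%M:%S")
        .replace(tzinfo=local).astimezone(timezone.utc))
    events += normalise(
        "email", EMAIL, lambda n: datetime.fromtimestamp(n, tz=timezone.utc))
    events += normalise("usb", USB, datetime.fromisoformat)
    return sorted(events, key=lambda e: e[0])


def events_around(timeline, keyword, minutes=5):
    """Events from every source within +/- minutes of the first event
    whose description contains keyword (the anchor itself included)."""
    anchors = [e for e in timeline if keyword in e[2]]
    if not anchors:
        return []
    t0 = anchors[0][0]
    window = timedelta(minutes=minutes)
    return [e for e in timeline if abs(e[0] - t0) <= window]


def within_device_session(timeline, action_keyword):
    """True if an event matching action_keyword falls between the device
    'connected' and 'removed' events, i.e. two sources corroborate it."""
    connected = next(e[0] for e in timeline if "connected" in e[2])
    removed = next(e[0] for e in timeline if "removed" in e[2])
    return any(connected <= e[0] <= removed
               for e in timeline if action_keyword in e[2])


if __name__ == "__main__":
    tl = build_timeline()
    for when, src, what in tl:
        print(when.strftime("%Y-%m-%d %H:%M:%S"), f"[{src}]", what)
    print("copy during USB session:", within_device_session(tl, "copied to E:"))
```

The analysis works on the exported records only, never on the original media, so the data-integrity point above is kept by construction; the normalisation step is where most correlation mistakes happen, so the assumed offset is recorded in the report alongside the conclusions drawn from the timeline.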

5. REPORTING

Document your findings, note how you achieved them and create a comprehensive report ready for presentation.

The report serves as a formal record of the entire investigation, often presented throughout legal proceedings.
1. Documentation
  - clear and concise, articulating the methods you used to reach your conclusion and outlining your findings
  - explain the tools and techniques you used during your investigation
2. Adherence to standards
  - the report must adhere to all legal standards and be admissible in court
  - include all relevant information, even if it is unfavourable to your case

CONCLUSION

- What is Evidence
- What is Digital Evidence
- Collection Steps:
1. Identification
  - Maintain chain of custody
  - Verifying legal authority
2. Preservation
  - Forensic images
  - Write-blocking
3. Examination
  - Search techniques
  - Metadata
4. Analysis
  - Evidence correlation
  - Maintain data integrity
5. Reporting
  - Documentation
  - Adherence to standards