Digital & Computer Forensics
Computer, Mobile & Digital Forensics News
Jun 25, 2015 at 08:21am
Digital Forensics, Arizona State Law, and You
If you've ever been in a courtroom in Phoenix, you've probably been witness to the kind of talented digital forensics Arizona lawyers bring to the table. Digital forensics -- or computer forensics -- is the practice in which forensic examiners use their expertise to obtain legal evidence from any digital medium, whether it's a hard drive, a cell phone, or an email retrieved from an Internet server. Phoenix lawyers rely on forensics firms that offer litigation support services and know what they are doing. Here are some of the most basic rules of digital forensic investigations:
- The original evidence must not be altered in any way. This often means making a bitstream image of the evidence in question -- in other words, a bit-by-bit copy of the original medium that recreates the exact data on a different medium. That copy is then used for examination and searching, leaving the original in exactly the same state it was in when it was collected.
- Only a forensic analyst should have access to, or attempt to access, the data on any given digital medium. Not only does this preserve chain of custody and similar legal requirements, but it also prevents 99% of potential data-nuking (e.g. altering metadata) screw-ups that could cause the evidence to not be admitted in court.
- The analyst must have the proper legal authority before accessing the media. Along with all of the other legal obligations any investigator has, this is a crucial element of making sure that the information on the media will be allowed into evidence in court.
- Do not power off any device that is on. Particularly with personal computers, but with some other devices as well, some information that can be retrieved while a device is on vanishes forever once it's turned off, including data in RAM and in some parts of a computer's registry.
- Do not power on any device that is off. The electronic information can be altered and overwritten when this occurs.
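
The first rule above can be checked mechanically: hash the original before and after imaging, and compare both against the hash of the copy. This is an added example, not code from the original article; a regular file of constructed random bytes stands in for the evidence medium, and the file and function names are hypothetical.

```python
import hashlib
import os
import tempfile

CHUNK = 1024 * 1024  # bytes read per pass

def sha256_of(path):
    """Hash a file in chunks so large images never have to fit in memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(CHUNK), b""):
            digest.update(block)
    return digest.hexdigest()

def acquire_image(source, image):
    """Copy source to image bit for bit and return the verification record."""
    before = sha256_of(source)
    # Source is opened read-only; "xb" refuses to overwrite an existing image.
    with open(source, "rb") as src, open(image, "xb") as dst:
        for block in iter(lambda: src.read(CHUNK), b""):
            dst.write(block)
    after = sha256_of(source)
    image_hash = sha256_of(image)
    return {
        "source_sha256": before,
        "image_sha256": image_hash,
        "source_unchanged": before == after,   # original left as collected
        "image_matches": image_hash == before,  # copy recreates the exact data
    }

def demo():
    """Acquire a constructed sample medium, then flip one bit in the copy."""
    with tempfile.TemporaryDirectory() as d:
        source = os.path.join(d, "evidence.bin")  # constructed stand-in medium
        image = os.path.join(d, "evidence.dd")    # hypothetical image name
        with open(source, "wb") as f:
            f.write(os.urandom(2 * CHUNK + 123))  # constructed sample data
        record = acquire_image(source, image)
        with open(image, "r+b") as f:             # simulate an altered copy
            first = f.read(1)
            f.seek(0)
            f.write(bytes([first[0] ^ 1]))
        # Re-hashing the working copy exposes even a single changed bit.
        record["alteration_detected"] = sha256_of(image) != record["image_sha256"]
        return record

if __name__ == "__main__":
    print(demo())
```

On real media the read would go through a hardware or software write blocker, and the recorded hashes would be kept with the chain-of-custody paperwork.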