Phases of Digital Forensics

Following are the phases of digital forensics:

(i) Collection of information/ Pre search consideration

Before reaching the scene of the crime, the expert should have preliminary knowledge about the nature of the cybercrime. This information can be obtained from the first responding officer. Pre-search consideration helps the investigator to physically and mentally prepare for the crime and helps him to carry relevant tools to the scene of the crime. 

Phases of Digital Forensics

Following are the three steps involved in pre-search consideration:

(a) Securing and Evaluating

In this stage, the expert asks questions regarding crime and pays special attention to the safety issues. He also checks the consent issues.

(b) Conducting preliminary interviews

Take the preliminary interview of the owner or user of the computer system found at the scene of the crime. If the system is password protected then an expert may ask the access to the system. Also, try to know the purpose of the use of a computer by the user.

(c) Documentation of electronics found at the crime scene

Record the condition of the system, storage media available, other electronic devices, and other conventional evidence found at the scene of the crime.

Check the power status of the computer and so the photography and sketching of the scene of the crime.

(ii) Identification of digital evidence

This phase includes identifying evidence related to the electronic device in storage media, hardware, operating system, network, and application. This helps the expert to identify the evidence and where it is stored.

(iii) Collection and preservation of digital evidence

After the identification, we need to collect and preserve the electronic device and the data present in it so that the data cannot be tampered by climatic conditions or some unauthorized user. For example, a Hard disk should be collected and preserved in an Anti-static cover so that a charge cannot develop on the surface of the disk which can damage the data stored in it.

(iv) Analysis of digital evidence

After the preservation of the device and data, its analysis is done at the forensic lab. In this phase, the expert makes copies of the data for analysis, recovers the deleted files, and verifies the recovered data. This is the most crucial phase as the whole investigation depends on the analysis of digital evidence.

(v) Documentation of results

After analysis, the data, the conclusion, and the result should be properly documented. The result may have a record that contains all the recovered and available data which helps in recreating the crime scene.

(vi) Presentation

This is the final phase of the investigation in which the report is presented in the court to solve the case.

Related Post:

Popular Posts

Conducting Polymers: Definition, Examples, Properties and Applications

Image
What are Conducting Polymers? As the name suggests organic polymers that conduct electricity are known as conducting polymers. They are also known as intrinsically conducting polymers (ICPs) and they have alternating single and double bonds along the polymer backbone (conjugated bonds) or that are composed of aromatic rings such as Phenylene, naphthalene, anthracene, pyrrole, and thiophene which are connected through carbon-carbon single bonds. Examples: Polyacetylene, Polypyrrole, Polyaniline, etc What is the reason behind conducting nature of these polymers? Conducting polymers comes in two forms that are doped conducting polymers and non-doped conducting polymers. The conductivity of non-doped conjugated polymers is due to the existence of a conductivity band similar to a metal. In a conjugated polymer, three of the four valence electrons form strong sigma bonds through sp² hybridization where electrons are strongly localized. The remaining unpaired electron of each carbon atom re
Read more

Crime Scene: Definition, Types and Characteristics

Image
What is a Crime Scene ? A place where the crime is committed or where the maximum physical evidence related to crime is found is known as a crime scene. A crime scene is a starting point of the investigation which provides information about the suspect and the victim. This helps to reconstruct the crime and fast resolution of the case. It is noted that the crime scene is not limited to a single place but may extend to a wider area depending upon the nature of the crime committed. For example, In a murder case where murder is done at one place and the body is disposed on another place. In this case, we have two crime scenes that give information about the crime. Types of Crime Scene Based on evidence found on the crime scene: 1. Primary Crime Scene The crime scene where the actual crime occurred or where more usable pieces of evidence were found is known as the primary crime scene. For example, A murder scene, theft, assault, etc. 2. Secondary Crime Scene The crime scene which is some
Read more

Documentation of the Crime Scene: Step by Step

Image
What is documentation of the crime scene and Why it is done? After securing the crime scene, the next most important step is documentation of the crime scene because documentation permanently records the crime scene and its physical evidence. Documentation should be done without any wastage of time as the scene and its evidence may get altered over time. The documentation should be done innovatively and the originality of the crime scene should be maintained and documentation should not have pauses or breaks, it should remain constant till the whole crime scene is documented. There are four main tasks of documentation that is note-making, photography, videography , and sketching . It should be noted that all four tasks are necessary and none is a substitute for another. For example, notes are not substitutes for photography, video is not a substitute for sketching, etc. Following are the sequence for crime scene documentation: 1. Note making Documentation of crime scene in the f
Read more