-
Notifications
You must be signed in to change notification settings - Fork 3
/
Copy pathmydignotes2.html
202 lines (200 loc) · 29.8 KB
/
mydignotes2.html
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
<!DOCTYPE html>
<html>
<head>
<title>Digital Forensics Notes</title>
</head>
<body>
<p style='margin-top:0cm;margin-right:0cm;margin-bottom:8.0pt;margin-left:0cm;line-height:107%;font-size:15px;font-family:"Calibri",sans-serif;'><strong><u><span style="font-size: 18px;">Forensic notes </span></u></strong></p>
<p style='margin-top:0cm;margin-right:0cm;margin-bottom:8.0pt;margin-left:0cm;line-height:107%;font-size:15px;font-family:"Calibri",sans-serif;'><span style="font-size: 18px;"><strong><u>electronic devices : types , description , and potential evidence </u></strong></span></p>
<p style='margin-top:0cm;margin-right:0cm;margin-bottom:8.0pt;margin-left:0cm;line-height:107%;font-size:15px;font-family:"Calibri",sans-serif;'><span style="font-size: 18px;"><strong><u><span style="text-decoration:none;"> </span></u></strong></span></p>
<p style='margin-top:0cm;margin-right:0cm;margin-bottom:8.0pt;margin-left:0cm;line-height:107%;font-size:15px;font-family:"Calibri",sans-serif;'><span style="font-size: 18px;"><strong>computer systems</strong> - hardware , software , documents , images , emails and attachments , dbs, financial information , Internet browsing history , chat logs , event logs , on data stored on external devices</span></p>
<p style='margin-top:0cm;margin-right:0cm;margin-bottom:8.0pt;margin-left:0cm;line-height:107%;font-size:15px;font-family:"Calibri",sans-serif;'><span style="font-size: 18px;"><strong><u>storage devices :</u></strong></span></p>
<p style='margin-top:0cm;margin-right:0cm;margin-bottom:8.0pt;margin-left:0cm;line-height:107%;font-size:15px;font-family:"Calibri",sans-serif;'><span style="font-size: 18px;"><strong>hard drives – </strong>SCSI, SATA, IDE, laptop hard drives, IDE 40 pin, 2.5 IDE 44pin, SATA, SCSI hd 65 pin, SCSI IDC 50 pin</span></p>
<p style='margin-top:0cm;margin-right:0cm;margin-bottom:8.0pt;margin-left:0cm;line-height:107%;font-size:15px;font-family:"Calibri",sans-serif;'><span style="font-size: 18px;"> internally : magnetically charged , glass , ceramic or metal platters that store data</span></p>
<p style='margin-top:0cm;margin-right:0cm;margin-bottom:8.0pt;margin-left:0cm;line-height:107%;font-size:15px;font-family:"Calibri",sans-serif;'><span style="font-size: 18px;"> </span></p>
<p style='margin-top:0cm;margin-right:0cm;margin-bottom:8.0pt;margin-left:0cm;line-height:107%;font-size:15px;font-family:"Calibri",sans-serif;'><span style="font-size: 18px;"><strong>external hard drives</strong> - network storage devices , 3.5 , 2.5</span></p>
<p style='margin-top:0cm;margin-right:0cm;margin-bottom:8.0pt;margin-left:0cm;line-height:107%;font-size:15px;font-family:"Calibri",sans-serif;'><span style="font-size: 18px;"><strong>removable media</strong> - zip discs , floppy discs , CD & DVD</span></p>
<p style='margin-top:0cm;margin-right:0cm;margin-bottom:8.0pt;margin-left:0cm;line-height:107%;font-size:15px;font-family:"Calibri",sans-serif;'><span style="font-size: 18px;"><strong>thumb drives</strong> - small lightweight and normally disguised as watches or lighters or toys</span></p>
<p style='margin-top:0cm;margin-right:0cm;margin-bottom:8.0pt;margin-left:0cm;line-height:107%;font-size:15px;font-family:"Calibri",sans-serif;'><span style="font-size: 18px;"><strong>memory cards</strong> - smart media , secure digital (SD), mini cards , micro cards, memory stick , compact flash card</span></p>
<p style='margin-top:0cm;margin-right:0cm;margin-bottom:8.0pt;margin-left:0cm;line-height:107%;font-size:15px;font-family:"Calibri",sans-serif;'><span style="font-size: 18px;"> evidence : email messages , Internet browser , chat logs , photos , image files , DB , financial records , event logs</span></p>
<p style='margin-top:0cm;margin-right:0cm;margin-bottom:8.0pt;margin-left:0cm;line-height:107%;font-size:15px;font-family:"Calibri",sans-serif;'><span style="font-size: 18px;"> </span></p>
<p style='margin-top:0cm;margin-right:0cm;margin-bottom:8.0pt;margin-left:0cm;line-height:107%;font-size:15px;font-family:"Calibri",sans-serif;'><span style="font-size: 18px;"><strong><u>handheld devices :</u></strong></span></p>
<p style='margin-top:0cm;margin-right:0cm;margin-bottom:8.0pt;margin-left:0cm;line-height:107%;font-size:15px;font-family:"Calibri",sans-serif;'><span style="font-size: 18px;"><strong>Phones, PDA pages, digital cameras, GPS</strong> - may contain software applications data and information such as emails , browsing, documents, email messages , photos , image files , financial records</span></p>
<p style='margin-top:0cm;margin-right:0cm;margin-bottom:8.0pt;margin-left:0cm;line-height:107%;font-size:15px;font-family:"Calibri",sans-serif;'><span style="font-size: 18px;">NOTE:</span></p>
<ul style="list-style-type: undefined;">
<li><span style="font-size: 18px;">data may be lost if power not maintained</span></li>
<li><span style="font-size: 18px;">data on some mobile phones can be overwritten while devices active</span></li>
<li><span style="font-size: 18px;">can remotely render device unusable if lost or stolen same with the law enforcement ticket as well</span></li>
</ul>
<p style='margin-top:0cm;margin-right:0cm;margin-bottom:8.0pt;margin-left:0cm;line-height:107%;font-size:15px;font-family:"Calibri",sans-serif;'><span style="font-size: 18px;"><strong>peripheral devices : </strong>Keyboard, mouse, microphones , USB on firewire hubs, web cameras , memory card readers , VoIP devices.</span></p>
<ul style="list-style-type: undefined;">
<li><span style="font-size: 18px;">Sources of DNA, fingerprints</span></li>
<li><span style="font-size: 18px;">These devices and function they perform facilitate at all potential evidence</span></li>
</ul>
<p style='margin-top:0cm;margin-right:0cm;margin-bottom:8.0pt;margin-left:0cm;line-height:107%;font-size:15px;font-family:"Calibri",sans-serif;'><span style="font-size: 18px;"><strong>other potential sources of digital evidence :</strong></span></p>
<p style='margin-top:0cm;margin-right:0cm;margin-bottom:8.0pt;margin-left:0cm;line-height:107%;font-size:15px;font-family:"Calibri",sans-serif;'><span style="font-size: 18px;">data storage tape drives , surveillance equipment , digital cameras and video cameras, digital audio recorders , digital video recorders , MP3 players , satellite audio , video recorders and access cards, computer chop headsets , keyboard mouse and video , sharing switch , SIM card reader , thumbprint reader , and reference materials such as books</span></p>
<div style='margin-top:0cm;margin-right:0cm;margin-bottom:8.0pt;margin-left:0cm;line-height:107%;font-size:15px;font-family:"Calibri",sans-serif;'>
<ul style="margin-bottom:0cm;list-style-type: undefined;">
<li style='margin-top:0cm;margin-right:0cm;margin-bottom:8.0pt;margin-left:0cm;line-height:107%;font-size:15px;font-family:"Calibri",sans-serif;'><span style="font-size: 18px;">device or item itself , intended use or actual use , on settings within all potential evidence</span></li>
</ul>
</div>
<p style='margin-top:0cm;margin-right:0cm;margin-bottom:8.0pt;margin-left:0cm;line-height:107%;font-size:15px;font-family:"Calibri",sans-serif;'><span style="font-size: 18px;"> </span></p>
<p style='margin-top:0cm;margin-right:0cm;margin-bottom:8.0pt;margin-left:0cm;line-height:107%;font-size:15px;font-family:"Calibri",sans-serif;'><span style="font-size: 18px;"><strong>Computer Networks:</strong></span></p>
<p style='margin-top:0cm;margin-right:0cm;margin-bottom:8.0pt;margin-left:0cm;line-height:107%;font-size:15px;font-family:"Calibri",sans-serif;'><span style="font-size: 18px;">Network up , laptop network card , Internet modems , network switch power supply , wireless access points , wireless network server , directional antennas for wireless cards , wireless USB devices</span></p>
<p style='margin-top:0cm;margin-right:0cm;margin-bottom:8.0pt;margin-left:0cm;line-height:107%;font-size:15px;font-family:"Calibri",sans-serif;'><span style="font-size: 18px;"> </span></p>
<ul style="list-style-type: undefined;">
<li><span style="font-size: 18px;">data contained is useful such as emails documents photo software and browsing history</span></li>
<li><span style="font-size: 18px;">useful as evidence and for prosecution</span></li>
<li><span style="font-size: 18px;">the device functions in settings associated with systems UN Connexions which includes the IP address on the local area network addresses are associated with the computers on their devices</span></li>
</ul>
<p style='margin-top:0cm;margin-right:0cm;margin-bottom:8.0pt;margin-left:0cm;line-height:107%;font-size:15px;font-family:"Calibri",sans-serif;'><span style="font-size: 18px;"> </span></p>
<p style='margin-top:0cm;margin-right:0cm;margin-bottom:8.0pt;margin-left:0cm;line-height:107%;font-size:15px;font-family:"Calibri",sans-serif;'><span style="font-size: 18px;"><strong><u>Chapter 2 :</u></strong></span></p>
<p style='margin-top:0cm;margin-right:0cm;margin-bottom:8.0pt;margin-left:0cm;line-height:107%;font-size:15px;font-family:"Calibri",sans-serif;'><span style="font-size: 18px;"><strong><u>investigation tools and equipment </u></strong></span></p>
<p style='margin-top:0cm;margin-right:0cm;margin-bottom:8.0pt;margin-left:0cm;line-height:107%;font-size:15px;font-family:"Calibri",sans-serif;'><span style="font-size: 18px;">Tools and materials for collecting digital evidence:</span></p>
<p style='margin-top:0cm;margin-right:0cm;margin-bottom:8.0pt;margin-left:0cm;line-height:107%;font-size:15px;font-family:"Calibri",sans-serif;'><span style="font-size: 18px;"><strong>first responders need the following :</strong> cameras , cardboard boxes , notepads, gloves, evidence inventory logs, evidence tape , paper evidence bags , evidence tags and labels , crime scene tape , anti static bags, permanent markers and non magnetic tools.</span></p>
<ul style="list-style-type: undefined;">
<li><span style="font-size: 18px;">should also have radio frequency shielding materials such as Faraday isolation bags or aluminium foil to wrap cell phones or smart phones or even other mobile devices</span></li>
<li><span style="font-size: 18px;">wrapping the phone in radio frequency shielding material prevents the phone from receiving a call or text message or other communication signal that may alter the evidence.</span></li>
</ul>
<p style='margin-top:0cm;margin-right:0cm;margin-bottom:8.0pt;margin-left:0cm;line-height:107%;font-size:15px;font-family:"Calibri",sans-serif;'><span style="font-size: 18px;"> </span></p>
<p style='margin-top:0cm;margin-right:0cm;margin-bottom:8.0pt;margin-left:0cm;line-height:107%;font-size:15px;font-family:"Calibri",sans-serif;'><span style="font-size: 18px;"><strong><u><span style="text-decoration:none;"> </span></u></strong></span></p>
<p style='margin-top:0cm;margin-right:0cm;margin-bottom:8.0pt;margin-left:0cm;line-height:107%;font-size:15px;font-family:"Calibri",sans-serif;'><span style="font-size: 18px;"><strong><u>Securing and evaluating the scene </u></strong></span></p>
<p style='margin-top:0cm;margin-right:0cm;margin-bottom:8.0pt;margin-left:0cm;line-height:107%;font-size:15px;font-family:"Calibri",sans-serif;'><span style="font-size: 18px;"><strong>first responders primary considerations:</strong> officer safety , safety of everyone at the crime scene , all actions to be compliant with the law for collecting on site evidence .</span></p>
<p style='margin-top:0cm;margin-right:0cm;margin-bottom:8.0pt;margin-left:0cm;line-height:107%;font-size:15px;font-family:"Calibri",sans-serif;'><span style="font-size: 18px;"><strong>after securing the site: </strong></span></p>
<ul style="list-style-type: undefined;">
<li><span style="font-size: 18px;">first visually ID all potential evidence</span></li>
<li><span style="font-size: 18px;">ensure the integrity of both the digital untraditional evidence is preserved</span></li>
<li><span style="font-size: 18px;">digital evidence on computers can easily be changed altered and even deleted</span></li>
<li><span style="font-size: 18px;">should document and photograph and secure digital evidence as soon as possible</span></li>
</ul>
<p style='margin-top:0cm;margin-right:0cm;margin-bottom:8.0pt;margin-left:0cm;line-height:107%;font-size:15px;font-family:"Calibri",sans-serif;'><span style="font-size: 18px;"> </span></p>
<p style='margin-top:0cm;margin-right:0cm;margin-bottom:8.0pt;margin-left:0cm;line-height:107%;font-size:15px;font-family:"Calibri",sans-serif;'><span style="font-size: 18px;"><strong>when securing and evaluating the scene the first responder should: </strong></span></p>
<ul style="list-style-type: undefined;">
<li><span style="font-size: 18px;">follow departmental policy for securing crimes scenes</span></li>
<li><span style="font-size: 18px;">immediately secure all electronic devices including personal and portable devices and ensure no unauthorised person has access to carry any electronic devices at the crime scene</span></li>
<li><span style="font-size: 18px;">refuse offers of help or technical assistance from any unauthorised persons</span></li>
<li><span style="font-size: 18px;">remove all persons from the crime scene or the immediate area from which evidence is to be collected</span></li>
<li><span style="font-size: 18px;">ensure condition of any electronic device is not altered</span></li>
<li><span style="font-size: 18px;">leave a computer electronic device off already off</span></li>
</ul>
<p style='margin-top:0cm;margin-right:0cm;margin-bottom:8.0pt;margin-left:0cm;line-height:107%;font-size:15px;font-family:"Calibri",sans-serif;'><span style="font-size: 18px;">remember components such as keyboards mouse removable storage media holds evidence such as fingerprints and DNA so physical evidence should not be compromised during documentation.</span></p>
<p style='margin-top:0cm;margin-right:0cm;margin-bottom:8.0pt;margin-left:0cm;line-height:107%;font-size:15px;font-family:"Calibri",sans-serif;'><span style="font-size: 18px;"> </span></p>
<p style='margin-top:0cm;margin-right:0cm;margin-bottom:8.0pt;margin-left:0cm;line-height:107%;font-size:15px;font-family:"Calibri",sans-serif;'><span style="font-size: 18px;"><strong>if computer is on or it cannot be determined, the first responder:</strong></span></p>
<ul style="list-style-type: undefined;">
<li><span style="font-size: 18px;">look and listen for indications that the computer may be powered on</span></li>
<li><span style="font-size: 18px;">check display screen for signs that digital evidence is being destroyed so look after words such as delete format remove copy move et cetera</span></li>
<li><span style="font-size: 18px;">look for indications that computer is being accessed from a remote computer or device</span></li>
<li><span style="font-size: 18px;">look for signs of communication with other computers or users such as instant messaging windows or even chat rooms</span></li>
<li><span style="font-size: 18px;">note down all the cameras and webcams and determine if any active</span></li>
</ul>
<p style='margin-top:0cm;margin-right:0cm;margin-bottom:8.0pt;margin-left:0cm;line-height:107%;font-size:15px;font-family:"Calibri",sans-serif;'><span style="font-size: 18px;"> </span></p>
<p style='margin-top:0cm;margin-right:0cm;margin-bottom:8.0pt;margin-left:0cm;line-height:107%;font-size:15px;font-family:"Calibri",sans-serif;'><span style="font-size: 18px;"><strong><u>preliminary interviews:</u></strong></span></p>
<ul style="list-style-type: undefined;">
<li><span style="font-size: 18px;">First responder should ID everyone at the crime scene and record time of entry on the persons of interest</span></li>
<li><span style="font-size: 18px;">no one should have access to any computer device</span></li>
<li><span style="font-size: 18px;">first responders should obtain as much information from these crime scenes such as:</span>
<ol style="list-style-type: circle;">
<li><span style="font-size: 18px;">name of all uses of the computers and devices</span></li>
<li><span style="font-size: 18px;">computer and Internet user information</span></li>
<li><span style="font-size: 18px;">login names user account names</span></li>
<li><span style="font-size: 18px;">purpose of the computers</span></li>
<li><span style="font-size: 18px;">all the passwords</span></li>
<li><span style="font-size: 18px;">any automated applications in use</span></li>
<li><span style="font-size: 18px;">type of Internet access</span></li>
<li><span style="font-size: 18px;">any off site storage</span></li>
<li><span style="font-size: 18px;">ISP</span></li>
<li><span style="font-size: 18px;">installed software documentation</span></li>
<li><span style="font-size: 18px;">all email accounts</span></li>
<li><span style="font-size: 18px;">security provisions in use</span></li>
<li><span style="font-size: 18px;">Webmail account information</span></li>
<li><span style="font-size: 18px;">data access restrictions in place</span></li>
<li><span style="font-size: 18px;">all instant message screen names</span></li>
<li><span style="font-size: 18px;">all destructive devices or software in use</span></li>
<li><span style="font-size: 18px;">social media accounts</span></li>
</ol>
</li>
</ul>
<p style='margin-top:0cm;margin-right:0cm;margin-bottom:8.0pt;margin-left:0cm;line-height:107%;font-size:15px;font-family:"Calibri",sans-serif;'><span style="font-size: 18px;"> </span></p>
<p style='margin-top:0cm;margin-right:0cm;margin-bottom:8.0pt;margin-left:0cm;line-height:107%;font-size:15px;font-family:"Calibri",sans-serif;'><span style="font-size: 18px;"> </span></p>
<p style='margin-top:0cm;margin-right:0cm;margin-bottom:8.0pt;margin-left:0cm;line-height:107%;font-size:15px;font-family:"Calibri",sans-serif;'><span style="font-size: 18px;"><strong><u>Chapter 4 </u></strong></span></p>
<p style='margin-top:0cm;margin-right:0cm;margin-bottom:8.0pt;margin-left:0cm;line-height:107%;font-size:15px;font-family:"Calibri",sans-serif;'><span style="font-size: 18px;"><strong><u>documenting the scene </u></strong></span></p>
<ul style="list-style-type: undefined;">
<li><span style="font-size: 18px;">documentation of the crime scene creates a record for the investigation</span></li>
<li><span style="font-size: 18px;">very important to accurately record the properly:</span>
<ol style="list-style-type: circle;">
<li><span style="font-size: 18px;">location of the scene</span></li>
<li><span style="font-size: 18px;">the scene itself</span></li>
<li><span style="font-size: 18px;">the state</span></li>
<li><span style="font-size: 18px;">Powell states</span></li>
<li><span style="font-size: 18px;">conditions of the computer storage media wireless devices mobile phones and other devices</span></li>
<li><span style="font-size: 18px;">another device is in close proximity</span></li>
</ol>
</li>
<li><span style="font-size: 18px;">avoid moving computers or devices until switched off and then look for the serial numbers</span></li>
</ul>
<p style='margin-top:0cm;margin-right:0cm;margin-bottom:8.0pt;margin-left:0cm;line-height:107%;font-size:15px;font-family:"Calibri",sans-serif;'><span style="font-size: 18px;">initial documentation:</span></p>
<ul style="list-style-type: undefined;">
<li><span style="font-size: 18px;">detailed recording using video</span></li>
<li><span style="font-size: 18px;">photography</span></li>
<li><span style="font-size: 18px;">no sketches to help recreate or convoy details of scene</span></li>
<li><span style="font-size: 18px;">activities process is on display screen should be fully documented</span></li>
</ul>
<p style='margin-top:0cm;margin-right:0cm;margin-bottom:8.0pt;margin-left:0cm;line-height:107%;font-size:15px;font-family:"Calibri",sans-serif;'><span style="font-size: 18px;">documentation should include :</span></p>
<ul style="list-style-type: undefined;">
<li><span style="font-size: 18px;">entire location including type location position of the computers and their components peripheral equipment and other devices</span></li>
<li><span style="font-size: 18px;">physical Connexions from the computer to other computers</span></li>
</ul>
<p style='margin-top:0cm;margin-right:0cm;margin-bottom:8.0pt;margin-left:0cm;line-height:107%;font-size:15px;font-family:"Calibri",sans-serif;'><span style="font-size: 18px;"> </span></p>
<p style='margin-top:0cm;margin-right:0cm;margin-bottom:8.0pt;margin-left:0cm;line-height:107%;font-size:15px;font-family:"Calibri",sans-serif;'><span style="font-size: 18px;"> </span></p>
<ol style="list-style-type: decimal;">
<li><span style="font-size: 18px;">record any network or wireless access points that may be present and capable of linking other computers and devices so this may be classed as extra evidence which is beyond the crime scene</span></li>
<li><span style="font-size: 18px;">even if the first responder cannot collect all the devices this may be due to the laws in place he or she should still document them</span></li>
</ol>
<p style='margin-top:0cm;margin-right:0cm;margin-bottom:8.0pt;margin-left:0cm;line-height:107%;font-size:15px;font-family:"Calibri",sans-serif;'><span style="font-size: 18px;"> </span></p>
<p style='margin-top:0cm;margin-right:0cm;margin-bottom:8.0pt;margin-left:0cm;line-height:107%;font-size:15px;font-family:"Calibri",sans-serif;'><span style="font-size: 18px;"> </span></p>
<p style='margin-top:0cm;margin-right:0cm;margin-bottom:8.0pt;margin-left:0cm;line-height:107%;font-size:15px;font-family:"Calibri",sans-serif;'><span style="font-size: 18px;"> </span></p>
<p style='margin-top:0cm;margin-right:0cm;margin-bottom:8.0pt;margin-left:0cm;line-height:107%;font-size:15px;font-family:"Calibri",sans-serif;'><span style="font-size: 18px;"> </span></p>
<p style='margin-top:0cm;margin-right:0cm;margin-bottom:8.0pt;margin-left:0cm;line-height:107%;font-size:15px;font-family:"Calibri",sans-serif;'><span style="font-size: 18px;"> </span></p>
<p style='margin-top:0cm;margin-right:0cm;margin-bottom:8.0pt;margin-left:0cm;line-height:107%;font-size:15px;font-family:"Calibri",sans-serif;'><span style="font-size: 18px;"> </span></p>
<p style='margin-top:0cm;margin-right:0cm;margin-bottom:8.0pt;margin-left:0cm;line-height:107%;font-size:15px;font-family:"Calibri",sans-serif;'><span style="font-size: 18px;"> </span></p>
<p style='margin-top:0cm;margin-right:0cm;margin-bottom:8.0pt;margin-left:0cm;line-height:107%;font-size:15px;font-family:"Calibri",sans-serif;'><span style="font-size: 18px;"> </span></p>
<p style='margin-top:0cm;margin-right:0cm;margin-bottom:8.0pt;margin-left:0cm;line-height:107%;font-size:15px;font-family:"Calibri",sans-serif;'><span style="font-size: 18px;"> </span></p>
<p style='margin-top:0cm;margin-right:0cm;margin-bottom:8.0pt;margin-left:0cm;line-height:107%;font-size:15px;font-family:"Calibri",sans-serif;'><span style="font-size: 18px;"><strong><u>Chapter 5</u></strong></span></p>
<p style='margin-top:0cm;margin-right:0cm;margin-bottom:8.0pt;margin-left:0cm;line-height:107%;font-size:15px;font-family:"Calibri",sans-serif;'><span style="font-size: 18px;"><strong><u>Evidence Collection </u></strong></span></p>
<ul style="list-style-type: undefined;">
<li><span style="font-size: 18px;">First responders had proper authority to collect and search evidence - this could be the consent or court order</span></li>
<li><span style="font-size: 18px;">these levels must be handled carefully to preserve integrity both physical and data</span></li>
<li><span style="font-size: 18px;">some evidence requires special packaging</span></li>
<li><span style="font-size: 18px;">data can be damaged or altered by electromagnetic fields such as those generated by static electricity magnets radio transmitters all the devices</span></li>
</ul>
<p style='margin-top:0cm;margin-right:0cm;margin-bottom:8.0pt;margin-left:0cm;line-height:107%;font-size:15px;font-family:"Calibri",sans-serif;'><span style="font-size: 18px;"> </span></p>
<p style='margin-top:0cm;margin-right:0cm;margin-bottom:8.0pt;margin-left:0cm;line-height:107%;font-size:15px;font-family:"Calibri",sans-serif;'><span style="font-size: 18px;"><strong><u>Chapter 6</u></strong></span></p>
<p style='margin-top:0cm;margin-right:0cm;margin-bottom:8.0pt;margin-left:0cm;line-height:107%;font-size:15px;font-family:"Calibri",sans-serif;'><span style="font-size: 18px;"><strong><u>packaging transportation storage of digital evidence </u></strong></span></p>
<p style='margin-top:0cm;margin-right:0cm;margin-bottom:8.0pt;margin-left:0cm;line-height:107%;font-size:15px;font-family:"Calibri",sans-serif;'><span style="font-size: 18px;"><strong>digital evidence :</strong> is fragile and sensitive to extreme temperatures , humidity , physical shocks , static electricity and magnetic fields</span></p>
<p style='margin-top:0cm;margin-right:0cm;margin-bottom:8.0pt;margin-left:0cm;line-height:107%;font-size:15px;font-family:"Calibri",sans-serif;'><span style="font-size: 18px;"> </span></p>
<p style='margin-top:0cm;margin-right:0cm;margin-bottom:8.0pt;margin-left:0cm;line-height:107%;font-size:15px;font-family:"Calibri",sans-serif;'><span style="font-size: 18px;"><strong>packaging procedures : </strong>collected properly labelled marked photographed video recorded or sketched and inventoried before it is packaged .</span></p>
<p style='margin-top:0cm;margin-right:0cm;margin-bottom:8.0pt;margin-left:0cm;line-height:107%;font-size:15px;font-family:"Calibri",sans-serif;'><span style="font-size: 18px;">-all Connections and connected devices should be labelled for easy configurations of the system later</span></p>
<p style='margin-top:0cm;margin-right:0cm;margin-bottom:8.0pt;margin-left:0cm;line-height:107%;font-size:15px;font-family:"Calibri",sans-serif;'><span style="font-size: 18px;">-packing anti static bags</span></p>
<p style='margin-top:0cm;margin-right:0cm;margin-bottom:8.0pt;margin-left:0cm;line-height:107%;font-size:15px;font-family:"Calibri",sans-serif;'><span style="font-size: 18px;">-plastic material should not be used when collecting digital evidence because plastic companies use or convey static electricity and allow humidity and condensation to develop so it may damage or destroy the evidence</span></p>
<p style='margin-top:0cm;margin-right:0cm;margin-bottom:8.0pt;margin-left:0cm;line-height:107%;font-size:15px;font-family:"Calibri",sans-serif;'><span style="font-size: 18px;">-pack mobile phones and signal blocking materials such as the Faraday isolation bugs or radio frequency shielding material or aluminium foil to protect messages sent send for the phone</span></p>
<p style='margin-top:0cm;margin-right:0cm;margin-bottom:8.0pt;margin-left:0cm;line-height:107%;font-size:15px;font-family:"Calibri",sans-serif;'><span style="font-size: 18px;">-collect all power supplies and adapters for all electronic devices seized</span></p>
<p style='margin-top:0cm;margin-right:0cm;margin-bottom:8.0pt;margin-left:0cm;line-height:107%;font-size:15px;font-family:"Calibri",sans-serif;'><span style="font-size: 18px;"><strong>transportation procedures:</strong></span></p>
<ul style="list-style-type: undefined;">
<li><span style="font-size: 18px;">when transporting keep away from magnetic fields ( radio transmitters ,speaker magnets and magnet mount emergency lights ,)</span></li>
<li><span style="font-size: 18px;">do not turn on heat seat in the car</span></li>
<li><span style="font-size: 18px;">do not keep in vehicle for long periods of time as the shock and vibration can damage it</span></li>
<li><span style="font-size: 18px;">document the transportation of digital evidence and maintain a chain of custody on all evidence transported</span></li>
</ul>
<p style='margin-top:0cm;margin-right:0cm;margin-bottom:8.0pt;margin-left:0cm;line-height:107%;font-size:15px;font-family:"Calibri",sans-serif;'><span style="font-size: 18px;"><strong>storing procedures:</strong></span></p>
<ul style="list-style-type: undefined;">
<li><span style="font-size: 18px;">when storing digital evidence the first responders should , </span>
<ol style="list-style-type: circle;">
<li><span style="font-size: 18px;">ensure fully inventorized accordance to policy</span></li>
<li><span style="font-size: 18px;">Ensure it is stored in climate controlled environment or location not subject to extreme temperatures</span></li>
<li><span style="font-size: 18px;">ensure the digital evidence is not exposed to magnetic fields moisture dust or vibration</span></li>
</ol>
</li>
<li><span style="font-size: 18px;">if more than one computer seized label the computer and the components starting with the letter A .</span></li>
</ul>
</body>
</html>