Best Practices For Cyber Forensics

1464 Words3 Pages

Best Practices for Cyber Forensics Paper
Introduction
Forensics has now entered a new age of collecting and analyzing evidence. Cyber forensics is a relatively new field that continues to expand upon its current operations, tactics and procedures. The development of cyber forensics has initialized the computer incident response techniques, recovery and analyzation of IT systems to include password cracking, and imaging which assist in the prosecution of criminals. As information technology and the cyber forensics have developed best practices in several areas of the field and we will discuss the critical pieces of these practices. These practices support the legal investigations and the prosecution of successful civil or criminal prosecution. …show more content…

Any evidence that can be collected appropriately and that is relevant to the case at hand can be beneficial for law enforcement. However, digital evidence has a process and should be collected in a specific way to be utilized in building a case against perpetuators of the law. Most criminals now knowingly or not leave a trail of evidence behind them for cyber forensic teams to collect on. Generally, when collecting evidence first the cyber forensics team will want to discuss the scene with investigators to determine the type of evidence that may or may not be collected. This will assist in determining the type of evidence, time spent on site, and location of the collection. Additionally, the type of evidence will also assist in determining what type of equipment to bring and review documentation regarding digital evidence collection if applicable. Due to the factor that cyber forensics may be relatively new teams are having to consult law experts to make sure specific evidence collection is within their right. Certain cases may require traditional forensics to be performed so cyber teams sent to investigate crime scenes should trained on how to do basic collection procedures such as DNA or fingerprinting collection. Evidence should not be removed unless necessary and required as well as some evidence may not be able to leave a crime …show more content…

As discussed previously mobile device isolation must be maintained because the digital data inside the phone may be exploited but not if it is changed. It is imperative that it is put in airplane mode so that this cannot happen. Lastly, standard forensic rules should be applied so that contaminants or fingerprints are not jeopardized. Clues or evidence could be exploited if handled correctly. These types of procedures should be universally adapted to improve cyber forensics process because it could be the decision between a guilty and not guilty verdict. (SWGDE Best Practices for Mobile Phone Forensics,

Open Document