The following three steps belong to the chain of custody for federal rules of evidence. What additional step is recommen
Posted: Mon Aug 01, 2022 9:35 am
The following three steps belong to the chain of custody for federal rules of evidence. What additional step is recommended between steps 2 and 3?
STEP 1 - Take notes: who, what, where, when and record serial numbers of machine(s) in question.
STEP 2 - Do a binary backup if data is being collected.
STEP 3 - Deliver collected evidence to law enforcement officials.
A. Rebuild the original hard drive from scratch, and sign and seal the good backup in a plastic bag.
B. Conduct a forensic analysis of all evidence collected BEFORE starting the chain of custody.
C. Take photographs of all persons who have had access to the computer.
D. Check the backup integrity using a checksum utility like MD5, and sign and seal each piece of collected evidence in a plastic bag.
STEP 1 - Take notes: who, what, where, when and record serial numbers of machine(s) in question.
STEP 2 - Do a binary backup if data is being collected.
STEP 3 - Deliver collected evidence to law enforcement officials.
A. Rebuild the original hard drive from scratch, and sign and seal the good backup in a plastic bag.
B. Conduct a forensic analysis of all evidence collected BEFORE starting the chain of custody.
C. Take photographs of all persons who have had access to the computer.
D. Check the backup integrity using a checksum utility like MD5, and sign and seal each piece of collected evidence in a plastic bag.