Forensics Processes

From Glitchdata

Phases in Cyber Forensic Procedure:

  • Identification: Determine the required evidence.
  • Preservation: Maintain evidence integrity and security.
  • Analysis: Understand insights from the information.
  • Documentation: Recover data to describe the sequence of actions.
  • Presentation: Offer a structured overview leading to conclusions.


  • The FIRST step is to establish a chain-of-custody log.
  • NEVER conduct forensics on a live system.
    • ONLY conduct forensics on copies of systems.
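
One way to put the three rules above into practice, as an added example that is not part of the original page: start a custody log, hash the acquired image, and accept a working copy only if its digest matches. The SHA-256 digests, the JSON-lines log in which each entry stores the hash of the previous line, and all function and file names are assumptions made for the illustration.

```python
import hashlib, json, shutil, tempfile
from datetime import datetime, timezone
from pathlib import Path

def sha256_file(path, chunk=1 << 20):
    """Stream the file so large images need not fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()

def log_event(log_path, actor, action, item, digest):
    """Append one custody entry that carries the hash of the previous line."""
    log_path = Path(log_path)
    lines = log_path.read_text().splitlines() if log_path.exists() else []
    prev = hashlib.sha256(lines[-1].encode()).hexdigest() if lines else "0" * 64
    entry = {"time": datetime.now(timezone.utc).isoformat(), "actor": actor,
             "action": action, "item": str(item), "sha256": digest, "prev": prev}
    with open(log_path, "a") as f:
        f.write(json.dumps(entry, sort_keys=True) + "\n")

def verify_log(log_path):
    """True if every entry links to the line before it (an edited earlier line breaks the chain)."""
    prev = "0" * 64
    for line in Path(log_path).read_text().splitlines():
        if json.loads(line)["prev"] != prev:
            return False
        prev = hashlib.sha256(line.encode()).hexdigest()
    return True

def make_working_copy(original, workdir, log_path, actor):
    """Hash the original, copy it, and reject the copy if the digests differ."""
    original = Path(original)
    digest = sha256_file(original)
    log_event(log_path, actor, "acquired", original, digest)
    copy = Path(workdir) / (original.name + ".working")
    shutil.copyfile(original, copy)
    if sha256_file(copy) != digest:
        copy.unlink()
        raise ValueError("working copy does not match original")
    log_event(log_path, actor, "working-copy-created", copy, digest)
    return copy, digest

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as d:  # constructed stand-in for a disk image
        image = Path(d) / "evidence.img"
        image.write_bytes(b"constructed sample image bytes")
        copy, digest = make_working_copy(image, d, Path(d) / "custody.jsonl", "analyst-1")
        print(digest, verify_log(Path(d) / "custody.jsonl"))
```

Analysis then runs only against the returned copy; re-running `sha256_file` on it before and after each session shows whether the working copy still matches the logged digest.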


Forensic Processes

  • Evaluation
  • Preservation
    • Preservation and documentation of evidence for review by law enforcement and judicial authorities are of primary concern when investigating. Failure to properly preserve the evidence could jeopardize the admissibility of the evidence in legal proceedings.
  • Analysis
  • Disclosure