Forensics Processes

From Glitchdata
Jump to navigation Jump to search

  • FIRST step is to establish a chain-of-custody log.
  • NEVER conduct forensics on live system
    • ONLY conduct forensics on copies on systems.

Forensic Processes

  • Evaluation
  • Preservation
    • Preservation and documentation of evidence for review by law enforcement and judicial authorities are of primary concern when investigating. Failure to properly preserve the evidence could jeopardize the admissibility of the evidence in legal proceedings.
  • Analysis
  • Disclosure