One of the concepts that is essential to Digital Forensics is the Chain of Custody. As a Cyber Security Consultant and (occasional) Digital Forensics Investigator (e.g. Expert Witness), my experience in testifying includes dealing with many Chain of Custody questions when being cross-examined, whether I was investigating software source code theft (using Forensics techniques) or performing a relevant Penetration test (Pen Test). Chain of Custody is essentially documenting the way that we secure, transport and verify that items acquired for investigation were held in an appropriate manner.
Chain of custody demonstrates trust to the courts and to the client that the media was not tampered with. It is an audit trail of who did what and when it happened to a particular piece of evidence.

Digital evidence is typically acquired from a myriad of devices, including a vast number of IoT devices that store user information and data spores, digital video and images (which may store important metadata and obfuscated or hidden information), audio evidence, and other stored data on flash drives, hard disk drives, and other physical media. DF examiners will carve out particularly interesting data that will be used in testimony that supports or refutes the claim. The preservation of data is essential, and we'll further discuss secure methods to handle digital forensics investigations later.

During this step, not only are the results of the investigation process recorded and noted, but the Chain of Custody documentation is also completed to note the disposition of any collected evidence used in the examination and how it was used. Again, the Chain of Custody reporting may be involved in this step.

However, I do use pre-formatted forms that provide great documentation. Forms are essential, especially if you (a) are working for a professional practice that uses or requires a formatted document for each item in evidence, (b) will be presenting the results of the investigation (e.g.

The key elements that require documentation include (and are not limited to). Provide a sequence number, too, as this serves as a key field for the evidence tracking reports that you may generate. It is essential that we know who had access to each acquired piece of evidence. You will be asked to demonstrate this, if this is a court case.
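The audit trail described above (who did what, and when, to a particular piece of evidence, keyed by a sequence number) can be kept in a tamper-evident form. This is an added example, not the author's forms or tooling: the field names, the ITEM-001 label, the custodian names and the hash-chaining of records are assumptions made for illustration.

```python
import hashlib
import json
from dataclasses import dataclass, asdict

GENESIS = "0" * 64  # constructed "previous hash" for the first record


@dataclass(frozen=True)
class CustodyEntry:
    seq: int              # sequence number: key field for tracking reports
    evidence_id: str      # hypothetical item label
    custodian: str        # who
    action: str           # did what
    timestamp: str        # when (ISO 8601, UTC)
    evidence_sha256: str  # hash of the media as observed at this step
    prev_hash: str        # digest of the previous record (links the trail)

    def digest(self) -> str:
        blob = json.dumps(asdict(self), sort_keys=True).encode()
        return hashlib.sha256(blob).hexdigest()


def append(log, evidence_id, custodian, action, timestamp, evidence_bytes):
    """Add the next record for one evidence item, re-hashing the media."""
    prev = log[-1].digest() if log else GENESIS
    media_hash = hashlib.sha256(evidence_bytes).hexdigest()
    log.append(CustodyEntry(len(log) + 1, evidence_id, custodian, action,
                            timestamp, media_hash, prev))


def verify(log):
    """Return a list of problems; an empty list means the trail is intact."""
    problems, prev = [], GENESIS
    baseline = log[0].evidence_sha256 if log else None
    for i, e in enumerate(log, start=1):
        if e.seq != i:
            problems.append(f"entry {i}: sequence gap (found {e.seq})")
        if e.prev_hash != prev:
            problems.append(f"entry {i}: an earlier record was altered or removed")
        if e.evidence_sha256 != baseline:
            problems.append(f"entry {i}: evidence hash differs from acquisition")
        prev = e.digest()
    return problems


def build_sample_log():
    image = b"constructed sample disk image bytes"  # stands in for real media
    log = []
    append(log, "ITEM-001", "A. Examiner", "acquired", "2024-01-05T09:00:00Z", image)
    append(log, "ITEM-001", "B. Courier", "transported", "2024-01-05T11:30:00Z", image)
    append(log, "ITEM-001", "C. Analyst", "examined", "2024-01-06T08:15:00Z", image)
    return log
```

Altering the final record breaks no later link, so the digest of the last entry should also be written down somewhere outside the log, such as on the signed paper form.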