DIGITAL EVIDENCE. María del Pilar Jácome, August 2012. What is Computer Forensics or Digital Forensics?
Types of Stored Documents
Digital Evidence Repository
It is the ability to convince that the digital evidence provided is relevant to some specific facts. It is not only required to exhibit the digital data; it is also advisable, when presenting the evidence, to explain what technology was used and which processes were implemented for the creation and storage of the data, and to exhibit the digital certificates if available. The intent is to provide sufficient support for the electronic documents submitted to the process.
International Regulatory Framework
International Organization on Computer Evidence
Conventions against cybercrime
United States Regulation:
“Forensic Examination of Digital Evidence: a Guide for Law Enforcement”
“Electronic Crime Scene Investigation: a Guide for First Responders”
“Computer forensics” is the process of identifying, preserving, analyzing and presenting digital evidence in a way that will be legally acceptable in any judicial and administrative process. Recover and analyze information, showing that it was not manipulated (using hash algorithms: MD5, SHA-1).
Document in detail every procedure performed on the evidence.
Analyze the evidence following a specialized forensic methodology, using tools appropriate for each case.
Present the results through a detailed report of the analyzed information and the conclusions obtained.
Proper handling and documentation of the evidence in order to ensure the “chain of custody”.
Use forensic tools and indexing of information to analyze large amounts of data.
Writing reports that illustrate the facts clearly and concisely.
Experience ratifying expert reports.
Protect the scene to avoid the modification or destruction of digital evidence.
Identify, among the company's information systems, which ones could contain relevant information.
Make exact copies of the identified evidence, minimizing the impact on the original evidence.
Define the protocols to be followed in case of a fraud investigation.
Experience in investigations and information systems in order to identify the appropriate data sources.
Use of the fastest and most reliable tools on the market to ensure non-intrusion and minimal alteration of the original evidence.
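The integrity check and exact-copy steps described above, as an added example that is not part of the original presentation: it hashes an original file and a working copy with MD5 and SHA-1 (the algorithms the slides name) and builds a record for the chain-of-custody documentation. SHA-256, the file names, the examiner ID and the record layout are assumptions made for this example; SHA-256 is included because MD5 and SHA-1 both have known collision weaknesses.

```python
import hashlib
import json
import os
import tempfile
from datetime import datetime, timezone

ALGORITHMS = ("md5", "sha1", "sha256")  # sha256 is an addition to the page's MD5/SHA-1


def hash_file(path, algorithms=ALGORITHMS, chunk_size=1 << 20):
    """Stream the file once and return {algorithm: hex digest}."""
    digests = {name: hashlib.new(name) for name in algorithms}
    with open(path, "rb") as fh:  # read-only: never write to evidence
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            for d in digests.values():
                d.update(chunk)
    return {name: d.hexdigest() for name, d in digests.items()}


def verify_copy(original, copy, examiner):
    """Compare a working copy against the original and build a custody record."""
    src, dst = hash_file(original), hash_file(copy)
    return {
        "timestamp_utc": datetime.now(timezone.utc).isoformat(),
        "examiner": examiner,  # hypothetical identifier format
        "original": {"path": original, "size": os.path.getsize(original), "hashes": src},
        "copy": {"path": copy, "size": os.path.getsize(copy), "hashes": dst},
        # The copy is accepted only if every digest agrees.
        "match": all(src[a] == dst[a] for a in ALGORITHMS),
    }


def demo():
    """Constructed sample: a small fake image, an exact copy, and an altered copy."""
    with tempfile.TemporaryDirectory() as tmp:
        original = os.path.join(tmp, "evidence.img")
        good = os.path.join(tmp, "copy_ok.img")
        bad = os.path.join(tmp, "copy_altered.img")
        data = b"constructed sample disk image\n" * 1000
        for path, content in ((original, data), (good, data), (bad, data[:-1] + b"X")):
            with open(path, "wb") as fh:
                fh.write(content)
        return (verify_copy(original, good, "examiner-01"),
                verify_copy(original, bad, "examiner-01"))


if __name__ == "__main__":
    for record in demo():
        print(json.dumps(record, indent=2))
```

The altered copy has the same size as the original and differs in a single byte, so only the digests reveal the change.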