Professional Documents
Culture Documents
investigation?
The field of computer forensics investigation is growing, especially as law
enforcement and legal entities realize just how valuable information technology (IT)
professionals are when it comes to investigative procedures. With the advent of
cybercrime, tracking malicious online activity has become crucial for protecting
private citizens, as well as preserving online operations in public safety, national
security, government and law enforcement. Tracking digital activity allows
investigators to connect cyber communications and digitally-stored information to
physical evidence of criminal activity; computer forensics also allows investigators to
uncover premeditated criminal intent and may aid in the prevention of future
cybercrimes.
Digital evidence is volatile and fragile and the improper handling of this evidence can
alter it. Because of its volatility and fragility, protocols need to be followed to ensure
that data is not modified during its handling (i.e., during its access, collection,
packaging, transfer, and storage)
Evidence handling has four primary areas in any incident response activity. These
areas are: