Professional Documents
Culture Documents
Maintenance
Lecture 9
2 Introduction
• Most organizations
o Cannot sustain a permanent digital forensics team
o Collect data and outsource analysis
• Information security group personnel should be trained
to understand and manage the forensics proc ess to
avoid contamination of potential EM
• Expertise c an be obtained by training
55 Affidavits and Searc h
Warrants
• Affidavit
o Sworn testimony that certain facts are in the possession
of the investigating officer that they feel warrant the
examination of specific items located at a specific place
o The facts, the items, and the place must be specified
• When an approving authority signs the affidavit, it
becomes a search warrant, giving permission to:
o Search the EM at the specified location
o Seize items to return to the investigator for examination
56 Digital Forensics
Methodology
• All investigations follow the same basic methodology
1. Identify relevant items of evidentiary value (EM)
2. Acquire (seize) the evidence without alteration
or damage
3. Take steps to assure that the evidence is at every
step verifiably authentic and is unchanged from the time
it was seized
4. Analyze the data without risking modification
or unauthorized ac c e ss
5. Report the findings to the proper authority
57