Conducting computer forensics

         investigations (continued)



         • Securing evidence (continued)


            – Collect evidence
                – Static acquisition

                – Live acquisition
            – Chain of custody

            – Multiple copies of digital data
         • Examining the evidence


            – Image copies

            – Protected files
            – RAID devices

         • Analyzing the evidence


         • Reporting

         12   © 2019 Association of International Certified Professional Accountants. All rights reserved.