Page 16 - Understandinging Forensic Technology Landscape

P. 16

Forensic collection

of electronic evidence

Electronic evidence in the forensic context

Forensic collection of electronic evidence is the The responsibility of digital forensic investigators is a
accumulation of electronically stored information threefold process:
(ESI) from files or electronic data left behind as a result 1. Preserving or recording the state of a digital device
of activities and transactions by the end-user (digital
artifacts). These digital artifacts include computers, 2. Analysing the state of digital device
network, cloud, hard drive, server, phone or any endpoint 3. Reporting retrieved information
system connected to the infrastructure. The activity ESI can exist in a variety of different physical and
also includes collecting information from emails, SMS logical locations within an infrastructure or custodian
messages, images, deleted files, and other sources. workspace:
The owners of these artifacts are typically called
custodians of ESI.

Desktops, laptops, servers, mobile devices, tablets, network
equipment, phone systems, USB storage devices, enterprise class
Physical devices storage systems, backup media, security appliances, alarm systems
and surveillance equipment

Email platforms, document management systems, cloud-based
Logical systems resources, file storage services, file transfer systems, off-site hosted
services, web-based applications, databases and system backups

Understanding the forensic technology landscape | 12

11 12 13 14 15 16 17 18 19 20 21