Hacker Highschool eBook
LESSON 8 – DIGITAL FORENSICS
8.1 Forensic Principles
8.1.0 Introduction
There are a number of basic principles that are necessary regardless of whether you
are examining a computer or a corpse. This section is a quick summary of these principles.
8.1.1 Avoid Contamination
On TV you see forensic examiners dressed up in white suits with gloves, handling all
evidence with tweezers and putting it into sealed plastic bags. This is all to prevent
“contamination”, which is where evidence is tainted, for example, by fingerprints being added
to the handle of a knife by someone picking it up (think The Fugitive, if you have seen it...
look what trouble it got him into!).
8.1.2 Act Methodically
Whatever you do, when (if?) you get to court, you will need to justify all the actions
that you have taken. If you act in a scientific and methodical manner, making careful notes
of what it is that you are doing and how you do it, this justification becomes much easier. It
also allows for someone else to follow your steps and verify that you haven't made a mistake
that may cast doubt on the value of your evidence.
8.1.3 Chain of Evidence
You must maintain something called the “Chain of Evidence”. This means that at any
point in time, from the seizure of the evidence until its final presentation in court, you can
account for who has had access to it and where it has been. This rules out the possibility that
someone has tampered with it or falsified it in some way.
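For digital evidence, the same idea can be kept as a custody log in which every record carries the hash of the evidence and the hash of the record before it. The following is an added example, not part of the original lesson; it goes beyond the text by showing one digital form of the log, and the function names, field names and sample records are assumptions constructed for illustration.

```python
import hashlib
import json

GENESIS = "0" * 64  # placeholder "previous hash" for the first record

def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

def record_hash(body: dict) -> str:
    return sha256_hex(json.dumps(body, sort_keys=True).encode())

def add_entry(log, when, custodian, location, action, evidence_sha256):
    """Append a custody record that commits to the record before it."""
    body = {"when": when, "custodian": custodian, "location": location,
            "action": action, "evidence_sha256": evidence_sha256,
            "prev": log[-1]["entry_hash"] if log else GENESIS}
    body["entry_hash"] = record_hash(body)
    log.append(body)

def verify_log(log, evidence: bytes):
    """Return a list of problems; an empty list means the chain is intact."""
    problems, prev = [], GENESIS
    for i, entry in enumerate(log):
        body = {k: v for k, v in entry.items() if k != "entry_hash"}
        if entry["prev"] != prev:
            problems.append(f"entry {i}: broken link to previous entry")
        if record_hash(body) != entry["entry_hash"]:
            problems.append(f"entry {i}: record altered after it was written")
        if entry["evidence_sha256"] != log[0]["evidence_sha256"]:
            problems.append(f"entry {i}: evidence hash differs from seizure hash")
        prev = entry["entry_hash"]
    if log and sha256_hex(evidence) != log[0]["evidence_sha256"]:
        problems.append("evidence no longer matches the hash recorded at seizure")
    return problems

def build_sample_log():
    """Constructed sample: a fake disk image and three custody records."""
    image = b"constructed sample disk image bytes"
    digest, log = sha256_hex(image), []
    add_entry(log, "2024-01-05T09:10Z", "Examiner A", "Scene", "seized", digest)
    add_entry(log, "2024-01-05T11:30Z", "Examiner A", "Evidence locker 3", "stored", digest)
    add_entry(log, "2024-01-08T14:00Z", "Examiner B", "Lab bench 2", "imaged copy made", digest)
    return log, image

if __name__ == "__main__":
    log, image = build_sample_log()
    print(verify_log(log, image))            # intact chain
    log[1]["custodian"] = "Unknown person"   # edit a record after the fact
    print(verify_log(log, image))            # the altered record is reported
```

A log like this only shows that records and evidence have not changed since they were written; the notes on who held the evidence and where still have to be made at the time of each handover.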
8.1.4 Conclusion
Keep these things in mind, and even if you are not going to take your work to court,
you will be able to maximize your abilities as a forensic examiner.