EC-Council: Computer Hacking Forensic Investigator(CHFI-V10) |
||||
Module 2 : Computer Forensics Investigation Process |
||||
| Notes available : 7 |
You are not logged in. Please Login for track your learning progress |
|||
Bookmark this Note
Note ID: 145
Stages of First Response by Laboratory Forensics Staff
If you want to share the link of this note, please click here to "Copy note link" and share that generated link. Link from URL may change in future.
The first response by laboratory forensic staff involves six stages.
1. Documenting the Electronic Crime Scene
Documentation of the electronic crime scene is a continuous process during the investigation and makes a permanent record of the scene. This includes photographing and sketching the scene.
2. Collecting Incident Information
Collecting incident information at the crime scene provides the basis for the forensic investigation and helps find the evidence easily if there is no third-party interference at the scene. Investigators can conduct individual interviews to verify if a crime has occurred and the nature of the incident. They can mark the perimeter and estimate the case process and potential damage caused. This stage involves the following:
o Asking questions
o Conducting individual interviews
3. Planning for Search and Seizure
Formulating a proper plan for the search and seizure activity ensures that the investigating team has the proper authorization and guidelines to begin the investigation process. This stage involves the following:
o Seeking consent
o Obtaining witness signatures
o Obtaining warrant for search and seizure
4. Identifying and Collecting Electronic Evidence
Electronic evidence is versatile in nature and easily broken. The staff should be cautious carrying out the following steps: o Conducting an initial search of the scene
o Securing and evaluating the crime scene
o Seizing evidence
o Dealing with powered-OFF/ON devices at the time of seizure
5. Packaging Electronic Evidence
At the time of packaging all collected electronic evidence, the staff must document and enlist the evidence, and all containers should be properly labeled. During packaging, the following steps should be taken:
o Following exhibit numbering
o Filling the panel on the front of evidence bags with proper details
o Avoiding folding and scratching storage devices
o Labelling the containers that hold the evidence in an appropriate way
6. Transporting Electronic Evidence
Incident responders/investigators should take special precautions for transporting electronic evidence. The following transporting procedures are to be followed to avoid physical damage:
o Ensuring proper handling and transportation to the forensics laboratory
o Having a strict chain of custody to keep track of all the forensics processes applied
 |
Go to notes |  |