Live Computer in a crime scene - how to record evidence


Feb 6, 2016
3
0
#1
Hi,

I am preparing for a security cert I just thought of knowing your insights in the below scenario.
Scenario - In a incident scene if you found a computer is on, what are the steps that need to be taken to record the evidence clearly and how it needs to be taken so that you don't miss out the volatile data.

I have searched on google and i was not able to find out how the data can be extracted from a live system and also wanted to know how it is done on a real time basis.

Thanks in advance.
 

SgtJackie

New Member
Nov 30, 2015
58
0
#3
Is it a desktop, a laptop, is it running Windows or Linux or some other OS? Is it acting as a server? Is it connected to a network? Wirelessly or cabled? Is it locked with a password? Is there a sysadmin who can help or are they all possible suspects? Is there encryption? Every single one of these will affect how the computer is taken down. And that's before we even get into the realms of authorisation to install monitoring software or seizing and removing items of possible evidence.
 

KrisKross

New Member
Mar 31, 2017
3
0
#4
I think this article will be interesting for you "https://www.cleverfiles.com/howto/computer-forensic.html" I think this article will be interesting for you. In reality it is not always easy to gather data without altering the system in some way (even the act of shutting a computer down in order to transport it will most likely cause changes to the data on that system) but an experienced investigator will always strive to protect the integrity of the original data whenever possible. In order to do this, many computer forensic examinations involve the making of an exact copy of all the data on a disk.


Moderator Note: Direct links are not allowed.
 

About us

  • Our community began in 2004. Since this time, we have grown to have over 29,000+ members within the DFIR & Cyber Security community.

    We are happy to announce that this forum is now under new ownership with the goal to once again become the main Digital Forensics Forum on the internet for DFIR, OSINT and Cyber Security.

    If you can think of ways to help us improve, please let us know.

    We pride ourselves on offering unbiased, critical discussion among people of all different backgrounds.

    We are working every day to make sure our community is one of the best.

Quick Navigation

User Menu