{"id":9805,"date":"2020-05-27T18:16:47","date_gmt":"2020-05-27T18:16:47","guid":{"rendered":"https:\/\/ermprotect.com\/?page_id=9805"},"modified":"2024-10-03T19:56:43","modified_gmt":"2024-10-04T00:56:43","slug":"digital-forensics","status":"publish","type":"page","link":"https:\/\/uln.ucp.mybluehost.me\/website_c8c6d12e\/digital-forensics\/","title":{"rendered":"Digital Forensics"},"content":{"rendered":"<div id=\"pl-9805\"  class=\"panel-layout\" ><div id=\"pg-9805-0\"  class=\"panel-grid panel-has-style\" ><div class=\"siteorigin-panels-stretch panel-row-style panel-row-style-for-9805-0\" data-stretch-type=\"full\" ><div id=\"pgc-9805-0-0\"  class=\"panel-grid-cell\" ><div id=\"panel-9805-0-0-0\" class=\"so-panel widget widget_sow-headline panel-first-child widgetopts-SO\" data-index=\"0\" ><div class=\"panel-widget-style panel-widget-style-for-9805-0-0-0\" ><div\n\t\t\t\n\t\t\tclass=\"so-widget-sow-headline so-widget-sow-headline-default-628bbc37cc66-9805\"\n\t\t\t\n\t\t><div class=\"sow-headline-container \">\n\t\t\t\t\t\t\t<h1 class=\"sow-headline\">\n\t\t\t\t\t\tDigital Forensics\t\t\t\t\t\t<\/h1>\n\t\t\t\t\t\t<\/div>\n<\/div><\/div><\/div><div id=\"panel-9805-0-0-1\" class=\"so-panel widget widget_sow-button panel-last-child widgetopts-SO\" data-index=\"1\" ><div\n\t\t\t\n\t\t\tclass=\"so-widget-sow-button so-widget-sow-button-flat-9e92d84e1ed7-9805\"\n\t\t\t\n\t\t><div class=\"ow-button-base ow-button-align-left\"\n>\n\t\t\t<a\n\t\t\t\t\thref=\"https:\/\/lp.ermprotect.com\/digital-forensics-incident-response-services\"\n\t\t\t\t\tclass=\"sowb-button ow-icon-placement-left ow-button-hover\" \t>\n\t\t<span>\n\t\t\t\n\t\t\tOur Services\t\t<\/span>\n\t\t\t<\/a>\n\t<\/div>\n<\/div><\/div><\/div><\/div><\/div><div id=\"pg-9805-1\"  class=\"panel-grid panel-has-style\" ><div class=\"siteorigin-panels-stretch panel-row-style panel-row-style-for-9805-1\" id=\"what-is-digital-forensics\" data-stretch-type=\"full\" ><div id=\"pgc-9805-1-0\"  class=\"panel-grid-cell\" ><div id=\"panel-9805-1-0-0\" class=\"so-panel widget widget_sow-headline panel-first-child widgetopts-SO\" data-index=\"2\" ><div\n\t\t\t\n\t\t\tclass=\"so-widget-sow-headline so-widget-sow-headline-default-389d5e03b420-9805\"\n\t\t\t\n\t\t><div class=\"sow-headline-container \">\n\t\t\t\t\t\t\t<h2 class=\"sow-headline\">\n\t\t\t\t\t\tWhat is Digital Forensics?\t\t\t\t\t\t<\/h2>\n\t\t\t\t\t\t\t\t\t\t\t<div class=\"decoration\">\n\t\t\t\t\t\t<div class=\"decoration-inside\"><\/div>\n\t\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n<\/div><\/div><div id=\"panel-9805-1-0-1\" class=\"so-panel widget widget_sow-editor widgetopts-SO\" data-index=\"3\" ><div\n\t\t\t\n\t\t\tclass=\"so-widget-sow-editor so-widget-sow-editor-base\"\n\t\t\t\n\t\t>\n<div class=\"siteorigin-widget-tinymce textwidget\">\n\t<p>Digital forensics, sometimes referred to as \u201ccomputer forensics,\u201d is the process of identification, preservation, examination, documentation, and presentation of digital evidence found on a computer, phone, or digital storage media. Essentially, digital artifacts can be collected from all devices that store data such as phones, laptops, hard disks, pen drives, etc.<\/p>\n<p><a href=\"https:\/\/uln.ucp.mybluehost.me\/website_c8c6d12e\/blog\/what-is-digital-forensics-and-when-do-you-need-it\/\" target=\"_blank\" rel=\"noopener\">Digital forensics<\/a> involves analyzing these digital artifacts in order to find out what happened, how and when it happened, and who was involved in an alleged crime or malfeasance. The results of a digital forensic investigation can then be used as evidence in a court of law.<\/p>\n<\/div>\n<\/div><\/div><div id=\"panel-9805-1-0-2\" class=\"so-panel widget widget_sow-headline widgetopts-SO\" data-index=\"4\" ><div\n\t\t\t\n\t\t\tclass=\"so-widget-sow-headline so-widget-sow-headline-default-89e705e2c63a-9805\"\n\t\t\t\n\t\t><div class=\"sow-headline-container \">\n\t\t\t\t\t\t\t<h1 class=\"sow-headline\">\n\t\t\t\t\t\tNeed a digital forensics expert?\t\t\t\t\t\t<\/h1>\n\t\t\t\t\t\t<\/div>\n<\/div><\/div><div id=\"panel-9805-1-0-3\" class=\"so-panel widget widget_sow-button panel-last-child widgetopts-SO\" data-index=\"5\" ><div\n\t\t\t\n\t\t\tclass=\"so-widget-sow-button so-widget-sow-button-flat-57d35fbf3fac-9805\"\n\t\t\t\n\t\t><div class=\"ow-button-base ow-button-align-center\"\n>\n\t\t\t<a\n\t\t\t\t\thref=\"https:\/\/lp.ermprotect.com\/digital-forensics-incident-response-services\"\n\t\t\t\t\tclass=\"sowb-button ow-icon-placement-left ow-button-hover\" \t>\n\t\t<span>\n\t\t\t\n\t\t\t     We Can Help     \t\t<\/span>\n\t\t\t<\/a>\n\t<\/div>\n<\/div><\/div><\/div><div id=\"pgc-9805-1-1\"  class=\"panel-grid-cell\" ><div id=\"panel-9805-1-1-0\" class=\"so-panel widget widget_sow-editor panel-first-child panel-last-child widgetopts-SO\" data-index=\"6\" ><div class=\"panel-widget-style panel-widget-style-for-9805-1-1-0\" ><div\n\t\t\t\n\t\t\tclass=\"so-widget-sow-editor so-widget-sow-editor-base\"\n\t\t\t\n\t\t><h3 class=\"widget-title\">Table of Contents<\/h3>\n<div class=\"siteorigin-widget-tinymce textwidget\">\n\t<p><a href=\"#what-is-digital-forensics\">What is Digital Forensics<\/a><\/p>\n<p><a href=\"#types-of-digital-forensics\">Types of Digital Forensics<\/a><\/p>\n<p><a href=\"#digital-forensics-in-investigations\">What are the Types of Digital Forensics<\/a><\/p>\n<p><a href=\"#a-structured-process\">What is the Digital Forensics Process?<\/a><\/p>\n<ul>\n<li><a href=\"#step-1-identification\">Step 1: Identification<\/a><\/li>\n<p><\/p>\n<li><a href=\"#step-2-preservation\">Step 2: Preservation<\/a><\/li>\n<p><\/p>\n<li><a href=\"#step-3-examination\">Step 3: Examination<\/a><\/li>\n<p><\/p>\n<li><a href=\"#step-4-documentation\">Step 4: Documentation<\/a><\/li>\n<p><\/p>\n<li><a href=\"#step-5-reporting\">Step 5: Reporting<\/a><\/li>\n<\/ul>\n<p><a href=\"#evidence-handling-procedures\">What are the Procedures for Evidence Handling?<br \/>\n<\/a><\/p>\n<p><a href=\"#tools\">What Tools are Used in Forensic Investigations?<\/a><\/p>\n<p><a href=\"#how-to-pick-digital-firm\">How do you Pick a Digital Forensics Company?<\/a><\/p>\n<p><a href=\"#legal-considerations\">What are the Legal Considerations?<\/a><\/p>\n<\/div>\n<\/div><\/div><\/div><\/div><\/div><\/div><div id=\"pg-9805-2\"  class=\"panel-grid panel-has-style\" ><div class=\"siteorigin-panels-stretch panel-row-style panel-row-style-for-9805-2\" id=\"types-of-digital-forensics\" data-stretch-type=\"full\" ><div id=\"pgc-9805-2-0\"  class=\"panel-grid-cell\" ><div id=\"panel-9805-2-0-0\" class=\"so-panel widget widget_sow-headline panel-first-child widgetopts-SO\" data-index=\"7\" ><div\n\t\t\t\n\t\t\tclass=\"so-widget-sow-headline so-widget-sow-headline-default-61bfc8490b48-9805\"\n\t\t\t\n\t\t><div class=\"sow-headline-container \">\n\t\t\t\t\t\t\t<h2 class=\"sow-headline\">\n\t\t\t\t\t\tWhat are the Types of Digital Forensics?\t\t\t\t\t\t<\/h2>\n\t\t\t\t\t\t\t\t\t\t\t<div class=\"decoration\">\n\t\t\t\t\t\t<div class=\"decoration-inside\"><\/div>\n\t\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n<\/div><\/div><div id=\"panel-9805-2-0-1\" class=\"so-panel widget widget_siteorigin-panels-builder panel-last-child widgetopts-SO\" data-index=\"8\" ><div id=\"pl-w5ecebc6c5a8cc\"  class=\"panel-layout\" ><div id=\"pg-w5ecebc6c5a8cc-0\"  class=\"panel-grid panel-no-style\" ><div id=\"pgc-w5ecebc6c5a8cc-0-0\"  class=\"panel-grid-cell\" ><div id=\"panel-w5ecebc6c5a8cc-0-0-0\" class=\"so-panel widget widget_lsow-services panel-first-child panel-last-child widgetopts-SO\" data-index=\"0\" ><div\n\t\t\t\n\t\t\tclass=\"so-widget-lsow-services so-widget-lsow-services-default-7103278a78a6\"\n\t\t\t\n\t\t><div id=\"lsow-services-1\" class=\"lsow-services lsow-style2 lsow-grid-container  lsow-grid-desktop-2 lsow-grid-tablet-2 lsow-grid-mobile-1\"><div class=\"lsow-grid-item lsow-service-wrapper\"><div class=\"lsow-service \" ><div class=\"lsow-icon-wrapper\"><span class=\"sow-icon-fontawesome sow-fas\" data-sow-icon=\"&#xf6ff;\"\n\t\t \n\t\taria-hidden=\"true\"><\/span><\/div><div class=\"lsow-service-text\"><h3 class=\"lsow-title\">Network Forensics<\/h3><div class=\"lsow-service-details\">Network forensics relates to monitoring a computer network and analyzing the traffic to gather information, evidence, or source of cyberattacks. Network forensics in the context of cyberattacks deals with analyzing the nature of attacks by focusing on attacker activity. <\/div><\/div><!-- .lsow-service-text --><\/div><!-- .lsow-service --><\/div><!-- .lsow-service-wrapper --><div class=\"lsow-grid-item lsow-service-wrapper\"><div class=\"lsow-service \" ><div class=\"lsow-icon-wrapper\"><span class=\"sow-icon-fontawesome sow-fas\" data-sow-icon=\"&#xf1c0;\"\n\t\t \n\t\taria-hidden=\"true\"><\/span><\/div><div class=\"lsow-service-text\"><h3 class=\"lsow-title\">Database Forensics<\/h3><div class=\"lsow-service-details\">Database forensics relates to the forensic analysis of databases and the data they store. Often computer forensic investigators analyze databases to see who accessed the database and what actions were performed over a specific period of time to identify suspicious activities or transactions. They can potentially recover deleted information.<\/div><\/div><!-- .lsow-service-text --><\/div><!-- .lsow-service --><\/div><!-- .lsow-service-wrapper --><div class=\"lsow-grid-item lsow-service-wrapper\"><div class=\"lsow-service \" ><div class=\"lsow-icon-wrapper\"><span class=\"sow-icon-fontawesome sow-fas\" data-sow-icon=\"&#xf1eb;\"\n\t\t \n\t\taria-hidden=\"true\"><\/span><\/div><div class=\"lsow-service-text\"><h3 class=\"lsow-title\">Wireless Forensics<\/h3><div class=\"lsow-service-details\">Wi-Fi networks are lucrative entry points for hackers. Wireless forensics deals with capturing data moving over wireless networks via wireless routers, wireless access points, Wi-Fi switches and other Wi-Fi transmissions. Computer forensic experts often analyze wireless networks to identify rogue or unauthorized devices, malware, intrusions, or infected devices. <\/div><\/div><!-- .lsow-service-text --><\/div><!-- .lsow-service --><\/div><!-- .lsow-service-wrapper --><div class=\"lsow-grid-item lsow-service-wrapper\"><div class=\"lsow-service \" ><div class=\"lsow-icon-wrapper\"><span class=\"sow-icon-fontawesome sow-fas\" data-sow-icon=\"&#xf51f;\"\n\t\t \n\t\taria-hidden=\"true\"><\/span><\/div><div class=\"lsow-service-text\"><h3 class=\"lsow-title\">Disk Forensics<\/h3><div class=\"lsow-service-details\">Disk forensics involves extracting data from storage media such as hard drives, USB drives, Flash drives, and so on. Computer forensic experts use their knowledge and experience - supplemented with tools, technology, and examination techniques - to recover data from devices even in situations where the devices are physically or logically damaged. <\/div><\/div><!-- .lsow-service-text --><\/div><!-- .lsow-service --><\/div><!-- .lsow-service-wrapper --><div class=\"lsow-grid-item lsow-service-wrapper\"><div class=\"lsow-service \" ><div class=\"lsow-icon-wrapper\"><span class=\"sow-icon-fontawesome sow-fas\" data-sow-icon=\"&#xf0c2;\"\n\t\t \n\t\taria-hidden=\"true\"><\/span><\/div><div class=\"lsow-service-text\"><h3 class=\"lsow-title\">Cloud Forensics<\/h3><div class=\"lsow-service-details\">Cloud forensics involves applying the principles and methods of forensic investigation in a cloud environment. This often turns out to be quite complicated because data could be distributed across several cloud servers which, in turn, could be located in various physical locations and even different countries. While performing digital forensic investigations on such a scattered dataset can be challenging, experienced computer forensic investigators have means to tackle these assignments. <\/div><\/div><!-- .lsow-service-text --><\/div><!-- .lsow-service --><\/div><!-- .lsow-service-wrapper --><div class=\"lsow-grid-item lsow-service-wrapper\"><div class=\"lsow-service \" ><div class=\"lsow-icon-wrapper\"><span class=\"sow-icon-fontawesome sow-fas\" data-sow-icon=\"&#xf3cd;\"\n\t\t \n\t\taria-hidden=\"true\"><\/span><\/div><div class=\"lsow-service-text\"><h3 class=\"lsow-title\">Mobile Forensics<\/h3><div class=\"lsow-service-details\">Mobile forensics deals with the examination and analysis of mobile devices to retrieve stored data such as contacts, logs, SMS, audio and video files, email, web browsing information, location information, social networking messages etc. Mobile forensics has become increasingly important in recent times due to the fact that devices have grown into sophisticated, pocket-sized computers with ever-increasing functionalities and data storage capacities. <\/div><\/div><!-- .lsow-service-text --><\/div><!-- .lsow-service --><\/div><!-- .lsow-service-wrapper --><div class=\"lsow-grid-item lsow-service-wrapper\"><div class=\"lsow-service \" ><div class=\"lsow-icon-wrapper\"><span class=\"sow-icon-fontawesome sow-far\" data-sow-icon=\"&#xf0e0;\"\n\t\t \n\t\taria-hidden=\"true\"><\/span><\/div><div class=\"lsow-service-text\"><h3 class=\"lsow-title\">Email Forensics<\/h3><div class=\"lsow-service-details\">Email forensics deals with recovering and analyzing the source and content of emails including deleted emails, calendar entries, contacts, and such. Computer forensic investigators typically analyze email headers, server logs, email sources, attachments in emails, and so on to investigate email-related crimes. <\/div><\/div><!-- .lsow-service-text --><\/div><!-- .lsow-service --><\/div><!-- .lsow-service-wrapper --><div class=\"lsow-grid-item lsow-service-wrapper\"><div class=\"lsow-service \" ><div class=\"lsow-icon-wrapper\"><span class=\"sow-icon-fontawesome sow-fas\" data-sow-icon=\"&#xf109;\"\n\t\t \n\t\taria-hidden=\"true\"><\/span><\/div><div class=\"lsow-service-text\"><h3 class=\"lsow-title\">Desktop Forensics<\/h3><div class=\"lsow-service-details\">Desktop forensics involves the collection, preservation, analysis, and presentation of evidence found on computers and related storage devices. Forensic computer investigators look deeply into the contents of storage devices, hard drives, emails, documents and other files. They also dig into metadata and also extract data that is hidden or deleted.    <\/div><\/div><!-- .lsow-service-text --><\/div><!-- .lsow-service --><\/div><!-- .lsow-service-wrapper --><\/div><!-- .lsow-services --><div class=\"lsow-clear\"><\/div><\/div><\/div><\/div><\/div><\/div><\/div><\/div><\/div><\/div><div id=\"pg-9805-3\"  class=\"panel-grid panel-has-style\" ><div class=\"lsow-dark-bg siteorigin-panels-stretch panel-row-style panel-row-style-for-9805-3\" id=\"digital-forensics-in-investigations\" data-stretch-type=\"full\" ><div id=\"pgc-9805-3-0\"  class=\"panel-grid-cell\" ><div id=\"panel-9805-3-0-0\" class=\"so-panel widget widget_sow-headline panel-first-child widgetopts-SO\" data-index=\"9\" ><div\n\t\t\t\n\t\t\tclass=\"so-widget-sow-headline so-widget-sow-headline-default-c9f3e3956842-9805 so-widget-fittext-wrapper\"\n\t\t\t data-fit-text-compressor=\"0.85\"\n\t\t><div class=\"sow-headline-container \">\n\t\t\t\t\t\t\t<h3 class=\"sow-headline\">\n\t\t\t\t\t\tWhat Types of Investigations Require Digital Forensics?\t\t\t\t\t\t<\/h3>\n\t\t\t\t\t\t\t\t\t\t\t<div class=\"decoration\">\n\t\t\t\t\t\t<div class=\"decoration-inside\"><\/div>\n\t\t\t\t\t<\/div>\n\t\t\t\t\t\t\t\t\t\t\t<p class=\"sow-sub-headline\">\n\t\t\t\t\t\tThere are broadly two types of investigations where digital forensic expertise is called upon:\t\t\t\t\t\t<\/p>\n\t\t\t\t\t\t<\/div>\n<\/div><\/div><div id=\"panel-9805-3-0-1\" class=\"so-panel widget widget_siteorigin-panels-builder panel-last-child widgetopts-SO\" data-index=\"10\" ><div class=\"panel-widget-style panel-widget-style-for-9805-3-0-1\" ><div id=\"pl-w5ed127c034391\"  class=\"panel-layout\" ><div id=\"pg-w5ed127c034391-0\"  class=\"panel-grid panel-no-style\" ><div id=\"pgc-w5ed127c034391-0-0\"  class=\"panel-grid-cell\" ><div class=\"panel-cell-style panel-cell-style-for-w5ed127c034391-0-0\" ><div id=\"panel-w5ed127c034391-0-0-0\" class=\"so-panel widget widget_sow-headline panel-first-child widgetopts-SO\" data-index=\"0\" ><div\n\t\t\t\n\t\t\tclass=\"so-widget-sow-headline so-widget-sow-headline-default-7088989aa738\"\n\t\t\t\n\t\t><div class=\"sow-headline-container \">\n\t\t\t\t\t\t\t<h3 class=\"sow-headline\">\n\t\t\t\t\t\tPublic Investigations\t\t\t\t\t\t<\/h3>\n\t\t\t\t\t\t<\/div>\n<\/div><\/div><div id=\"panel-w5ed127c034391-0-0-1\" class=\"so-panel widget widget_sow-editor panel-last-child widgetopts-SO\" data-index=\"1\" ><div class=\"panel-widget-style panel-widget-style-for-w5ed127c034391-0-0-1\" ><div\n\t\t\t\n\t\t\tclass=\"so-widget-sow-editor so-widget-sow-editor-base\"\n\t\t\t\n\t\t>\n<div class=\"siteorigin-widget-tinymce textwidget\">\n\t<p>Investigations that involve criminal or civil cases. Criminal cases involve alleged breaking of laws and offenses against individuals and the state while civil cases involve disputes or lawsuits in which the questions of property or money must be settled. Lawyers often rely on digital forensic expertise to present digital evidence in court to support or refute allegations. \u00a0In criminal cases, computer forensic investigators could obtain and investigate computers and other digital devices that may have been used for the crime.<\/p>\n<\/div>\n<\/div><\/div><\/div><\/div><\/div><div id=\"pgc-w5ed127c034391-0-1\"  class=\"panel-grid-cell\" ><div class=\"panel-cell-style panel-cell-style-for-w5ed127c034391-0-1\" ><div id=\"panel-w5ed127c034391-0-1-0\" class=\"so-panel widget widget_sow-headline panel-first-child widgetopts-SO\" data-index=\"2\" ><div\n\t\t\t\n\t\t\tclass=\"so-widget-sow-headline so-widget-sow-headline-default-eb52e5a08944\"\n\t\t\t\n\t\t><div class=\"sow-headline-container \">\n\t\t\t\t\t\t\t<h3 class=\"sow-headline\">\n\t\t\t\t\t\tPrivate Investigations\t\t\t\t\t\t<\/h3>\n\t\t\t\t\t\t<\/div>\n<\/div><\/div><div id=\"panel-w5ed127c034391-0-1-1\" class=\"so-panel widget widget_sow-editor panel-last-child widgetopts-SO\" data-index=\"3\" ><div class=\"panel-widget-style panel-widget-style-for-w5ed127c034391-0-1-1\" ><div\n\t\t\t\n\t\t\tclass=\"so-widget-sow-editor so-widget-sow-editor-base\"\n\t\t\t\n\t\t>\n<div class=\"siteorigin-widget-tinymce textwidget\">\n\t<p>Private investigations are often corporate investigations where organizations hire digital forensic experts to identify the cause of a data breach, a data leak, or a cyberattack that the organization faced. Violations of organizational policies could also lead to such private investigations where digital forensic experts could be called upon. Examples of such situations include corruption, misbehavior or misconduct of employees, and such.<\/p>\n<\/div>\n<\/div><\/div><\/div><\/div><\/div><\/div><\/div><\/div><\/div><\/div><\/div><\/div><div id=\"pg-9805-4\"  class=\"panel-grid panel-has-style\" ><div class=\"siteorigin-panels-stretch panel-row-style panel-row-style-for-9805-4\" id=\"a-structured-process\" data-stretch-type=\"full\" ><div id=\"pgc-9805-4-0\"  class=\"panel-grid-cell\" ><div id=\"panel-9805-4-0-0\" class=\"so-panel widget widget_sow-headline panel-first-child widgetopts-SO\" data-index=\"11\" ><div\n\t\t\t\n\t\t\tclass=\"so-widget-sow-headline so-widget-sow-headline-default-72a28c44f283-9805\"\n\t\t\t\n\t\t><div class=\"sow-headline-container \">\n\t\t\t\t\t\t\t<h2 class=\"sow-headline\">\n\t\t\t\t\t\tWhat is the Digital Forensics Process?\t\t\t\t\t\t<\/h2>\n\t\t\t\t\t\t\t\t\t\t\t<div class=\"decoration\">\n\t\t\t\t\t\t<div class=\"decoration-inside\"><\/div>\n\t\t\t\t\t<\/div>\n\t\t\t\t\t\t\t\t\t\t\t<h3 class=\"sow-sub-headline\">\n\t\t\t\t\t\tDigital forensics is a detailed, methodical process. Strict adherence to a methodology could mean the difference between success or failure of a computer forensics investigation. There are broadly five steps that a digital forensic investigation follows:\t\t\t\t\t\t<\/h3>\n\t\t\t\t\t\t<\/div>\n<\/div><\/div><div id=\"panel-9805-4-0-1\" class=\"so-panel widget widget_siteorigin-panels-builder panel-last-child widgetopts-SO\" data-index=\"12\" ><div id=\"pl-w5ed13410befbd\"  class=\"panel-layout\" ><div id=\"pg-w5ed13410befbd-0\"  class=\"panel-grid panel-has-style\" ><div class=\"siteorigin-panels-stretch panel-row-style panel-row-style-for-w5ed13410befbd-0\" id=\"step-1-identification\" data-stretch-type=\"full\" ><div id=\"pgc-w5ed13410befbd-0-0\"  class=\"panel-grid-cell\" ><div id=\"panel-w5ed13410befbd-0-0-0\" class=\"so-panel widget widget_sow-headline panel-first-child widgetopts-SO\" data-index=\"0\" ><div\n\t\t\t\n\t\t\tclass=\"so-widget-sow-headline so-widget-sow-headline-default-8eabbd9349e8\"\n\t\t\t\n\t\t><div class=\"sow-headline-container \">\n\t\t\t\t\t\t\t<h2 class=\"sow-headline\">\n\t\t\t\t\t\tStep 1: Identification\t\t\t\t\t\t<\/h2>\n\t\t\t\t\t\t<\/div>\n<\/div><\/div><div id=\"panel-w5ed13410befbd-0-0-1\" class=\"so-panel widget widget_sow-editor panel-last-child widgetopts-SO\" data-index=\"1\" ><div class=\"redh3 panel-widget-style panel-widget-style-for-w5ed13410befbd-0-0-1\" ><div\n\t\t\t\n\t\t\tclass=\"so-widget-sow-editor so-widget-sow-editor-base\"\n\t\t\t\n\t\t>\n<div class=\"siteorigin-widget-tinymce textwidget\">\n\t<p>In this very first step, all potential sources of evidence that are capable of storing digital information are identified such as computers, phones, hard drives, pen drives, etc. Forensic experts then identify which of these devices require analysis to meet case objectives. The scope could range from a single laptop to a complete network. In the event that an entire network is under scrutiny, the investigator must identify any rogue devices on the network that are unknown to the \u00a0organization. In such cases, the mapping and identification of all the machines and devices in the networked environment becomes a forensic expert\u2019s first task.<\/p>\n<\/div>\n<\/div><\/div><\/div><\/div><\/div><\/div><div id=\"pg-w5ed13410befbd-1\"  class=\"panel-grid panel-has-style\" ><div class=\"siteorigin-panels-stretch panel-row-style panel-row-style-for-w5ed13410befbd-1\" id=\"step-2-preservation\" data-stretch-type=\"full\" ><div id=\"pgc-w5ed13410befbd-1-0\"  class=\"panel-grid-cell\" ><div id=\"panel-w5ed13410befbd-1-0-0\" class=\"so-panel widget widget_sow-headline panel-first-child widgetopts-SO\" data-index=\"2\" ><div\n\t\t\t\n\t\t\tclass=\"so-widget-sow-headline so-widget-sow-headline-default-8eabbd9349e8\"\n\t\t\t\n\t\t><div class=\"sow-headline-container \">\n\t\t\t\t\t\t\t<h2 class=\"sow-headline\">\n\t\t\t\t\t\tStep 2: Preservation\t\t\t\t\t\t<\/h2>\n\t\t\t\t\t\t<\/div>\n<\/div><\/div><div id=\"panel-w5ed13410befbd-1-0-1\" class=\"so-panel widget widget_sow-editor panel-last-child widgetopts-SO\" data-index=\"3\" ><div class=\"redh3 panel-widget-style panel-widget-style-for-w5ed13410befbd-1-0-1\" ><div\n\t\t\t\n\t\t\tclass=\"so-widget-sow-editor so-widget-sow-editor-base\"\n\t\t\t\n\t\t>\n<div class=\"siteorigin-widget-tinymce textwidget\">\n\t<p>Next, the scope of materials identified in the first step are isolated, secured, and preserved. Steps are taken to ensure that people do not use these devices so that the evidence is secured. Evidence is handled in a manner that in a manner that maintains the authenticity, and hence credibility, of data. Next, an <em>image <\/em>of the evidence is created. An image is a bit-by-bit copy of the evidence (hard drive, USB device, shared network folder, etc.). Evidence collection concludes when all relevant evidence is imaged. The following aspects are among the many issues to be considered in relation to data collection:<\/p>\n<ul>\n<li>To collect volatile data like RAM data or current users logged into the network, the system would remain on during the collection process.<\/li>\n<p><\/p>\n<li>It is necessary to create a duplicate copy of the original source to create an image of the evidence. Hashing techniques should be used to ensure integrity.<\/li>\n<p><\/p>\n<li>In the event that it is necessary to completely seize the physical devices and then collect data from them, the devices might need to be on or off depending on the specific situations.<\/li>\n<\/ul>\n<\/div>\n<\/div><\/div><\/div><\/div><\/div><\/div><div id=\"pg-w5ed13410befbd-2\"  class=\"panel-grid panel-has-style\" ><div class=\"siteorigin-panels-stretch panel-row-style panel-row-style-for-w5ed13410befbd-2\" id=\"a-structured-process\" data-stretch-type=\"full\" ><div id=\"pgc-w5ed13410befbd-2-0\"  class=\"panel-grid-cell\" ><div id=\"panel-w5ed13410befbd-2-0-0\" class=\"so-panel widget widget_sow-headline panel-first-child widgetopts-SO\" data-index=\"4\" ><div id=\"step-3-examination\" class=\"panel-widget-style panel-widget-style-for-w5ed13410befbd-2-0-0\" ><div\n\t\t\t\n\t\t\tclass=\"so-widget-sow-headline so-widget-sow-headline-default-8eabbd9349e8\"\n\t\t\t\n\t\t><div class=\"sow-headline-container \">\n\t\t\t\t\t\t\t<h2 class=\"sow-headline\">\n\t\t\t\t\t\tStep 3: Examination\t\t\t\t\t\t<\/h2>\n\t\t\t\t\t\t<\/div>\n<\/div><\/div><\/div><div id=\"panel-w5ed13410befbd-2-0-1\" class=\"so-panel widget widget_sow-editor panel-last-child widgetopts-SO\" data-index=\"5\" ><div class=\"redh3 panel-widget-style panel-widget-style-for-w5ed13410befbd-2-0-1\" ><div\n\t\t\t\n\t\t\tclass=\"so-widget-sow-editor so-widget-sow-editor-base\"\n\t\t\t\n\t\t>\n<div class=\"siteorigin-widget-tinymce textwidget\">\n\t<p>This step involves in-depth analysis of all the images or copies of evidence in place. The examination phase is never carried out on the actual evidence so that the original evidence remains intact in the event that something goes wrong. There are different types of data that are of interest to a forensic expert at this point:<\/p>\n<ul>\n<li><strong><em>Saved Data<\/em><\/strong> - This is data that is not deleted or created temporarily and is simply present on the image. This could include files created by various users on the system under investigation and could also include operating system specific files.<\/li>\n<p><\/p>\n<li><strong><em>Temporary Data<\/em><\/strong> - A number of programs on a computer system create temporary files and archived files. For instance, try opening a Microsoft Word document and you will notice in the folder, where the file is located, that a number of temporary files are created that often start with a \u2018~\u2019 character or have a \u201c.TMP\u201d extension. Such files represent a snapshot of the original file at some point in time and could be important.<\/li>\n<p><\/p>\n<li><strong><em>Deleted Data<\/em><\/strong> - Data that is deleted is still present on a computer system or device. Deletion only instructs the operating system to \u201cforget\u201d that this data exists and notes that the location occupied by this data is now free to be overwritten. The data remains there until the computer writes new data on that part of the drive. With the right tools, this deleted data can still be extracted as long as it hasn\u2019t been overwritten. It is also sometimes possible to reconstruct the file even if it has been partially overwritten. Deleted data is sometimes one of the most important pieces of the forensic puzzle.<\/li>\n<p><\/p>\n<li><strong><em>Metadata<\/em><\/strong> - Metadata is data that describes data. For instance, a file could have related information such as the time of creation of the file, the time it was last modified, the physical location of the file on the hard drive, etc. When data is deleted, it is this metadata that is deleted by the operating system. So, basically, the operating system does not \u201cknow\u201d where the data is located anymore. But the fact remains that the data still exists on the drive or storage media.<\/li>\n<p><\/p>\n<li><strong><em>Slack Space Data<\/em><\/strong> - Slack space is the area on a hard drive or storage media that is not used by the operating system. Almost every file on a computer system has some associated slack space. If you were given 1.5 gallons of fuel and had 2 canisters of 1 gallon each to fill it, one of these would be full and the other would be half-full. The remainder of the second canister, which is the half-empty portion, is the slack space. This slack space on storage media can sometimes contain data that could change the course of a trial.<\/li>\n<\/ul>\n<\/div>\n<\/div><\/div><\/div><\/div><\/div><\/div><div id=\"pg-w5ed13410befbd-3\"  class=\"panel-grid panel-has-style\" ><div class=\"siteorigin-panels-stretch panel-row-style panel-row-style-for-w5ed13410befbd-3\" id=\"step-4-documentation\" data-stretch-type=\"full\" ><div id=\"pgc-w5ed13410befbd-3-0\"  class=\"panel-grid-cell\" ><div id=\"panel-w5ed13410befbd-3-0-0\" class=\"so-panel widget widget_sow-headline panel-first-child widgetopts-SO\" data-index=\"6\" ><div\n\t\t\t\n\t\t\tclass=\"so-widget-sow-headline so-widget-sow-headline-default-8eabbd9349e8\"\n\t\t\t\n\t\t><div class=\"sow-headline-container \">\n\t\t\t\t\t\t\t<h2 class=\"sow-headline\">\n\t\t\t\t\t\tStep 4: Documentation\t\t\t\t\t\t<\/h2>\n\t\t\t\t\t\t<\/div>\n<\/div><\/div><div id=\"panel-w5ed13410befbd-3-0-1\" class=\"so-panel widget widget_sow-editor panel-last-child widgetopts-SO\" data-index=\"7\" ><div class=\"redh3 panel-widget-style panel-widget-style-for-w5ed13410befbd-3-0-1\" ><div\n\t\t\t\n\t\t\tclass=\"so-widget-sow-editor so-widget-sow-editor-base\"\n\t\t\t\n\t\t>\n<div class=\"siteorigin-widget-tinymce textwidget\">\n\t<p>In this phase, an accurate record of all activities undertaken in relation to the investigation is created. This includes details of the methods used for retrieving, copying, storing, and testing data as well as methods used to examine and access evidence. The forensic expert creates a timeline of events that serves as a foundation for the investigation. Good documentation is critical and should demonstrate how the integrity of data was maintained and also prove that proper policies and procedures were adhered to by everyone involved in the investigation. An investigator\u2019s failure to accurately document the process could compromise the validity and admissibility of the evidence.<\/p>\n<\/div>\n<\/div><\/div><\/div><\/div><\/div><\/div><div id=\"pg-w5ed13410befbd-4\"  class=\"panel-grid panel-has-style\" ><div class=\"siteorigin-panels-stretch panel-row-style panel-row-style-for-w5ed13410befbd-4\" id=\"a-structured-process\" data-stretch-type=\"full\" ><div id=\"pgc-w5ed13410befbd-4-0\"  class=\"panel-grid-cell\" ><div id=\"panel-w5ed13410befbd-4-0-0\" class=\"so-panel widget widget_sow-headline panel-first-child widgetopts-SO\" data-index=\"8\" ><div id=\"step-5-reporting\" class=\"panel-widget-style panel-widget-style-for-w5ed13410befbd-4-0-0\" ><div\n\t\t\t\n\t\t\tclass=\"so-widget-sow-headline so-widget-sow-headline-default-8eabbd9349e8\"\n\t\t\t\n\t\t><div class=\"sow-headline-container \">\n\t\t\t\t\t\t\t<h2 class=\"sow-headline\">\n\t\t\t\t\t\tStep 5: Reporting\t\t\t\t\t\t<\/h2>\n\t\t\t\t\t\t<\/div>\n<\/div><\/div><\/div><div id=\"panel-w5ed13410befbd-4-0-1\" class=\"so-panel widget widget_sow-editor panel-last-child widgetopts-SO\" data-index=\"9\" ><div class=\"redh3 panel-widget-style panel-widget-style-for-w5ed13410befbd-4-0-1\" ><div\n\t\t\t\n\t\t\tclass=\"so-widget-sow-editor so-widget-sow-editor-base\"\n\t\t\t\n\t\t>\n<div class=\"siteorigin-widget-tinymce textwidget\">\n\t<p>A good report can serve as the invaluable link between the technical and non-technical elements of a case. A report needs to be comprehensive but at the same time it should be simple and offer an easily understandable explanation of the case-relevant sections of the evidence. The report is, essentially, the evidence itself in a form that everyone present in court can understand and interpret. At a minimum, a forensic report should identify the data and the events that took place, an independent evaluation of the sequence of events, and a conclusion or opinion at the end. There\u2019s a rule of thumb that you need to follow in digital forensics \u2013 If You Didn\u2019t Write It Down, It Didn\u2019t Happen! This is a simple rule to live by when it comes to documenting all the activities involved in the investigation.<\/p>\n<\/div>\n<\/div><\/div><\/div><\/div><\/div><\/div><\/div><\/div><\/div><\/div><\/div><div id=\"pg-9805-5\"  class=\"panel-grid panel-has-style\" ><div class=\"siteorigin-panels-stretch panel-row-style panel-row-style-for-9805-5\" id=\"evidence-handling-procedures\" data-stretch-type=\"full\" ><div id=\"pgc-9805-5-0\"  class=\"panel-grid-cell\" ><div id=\"panel-9805-5-0-0\" class=\"so-panel widget widget_sow-headline panel-first-child widgetopts-SO\" data-index=\"13\" ><div\n\t\t\t\n\t\t\tclass=\"so-widget-sow-headline so-widget-sow-headline-default-61bfc8490b48-9805\"\n\t\t\t\n\t\t><div class=\"sow-headline-container \">\n\t\t\t\t\t\t\t<h2 class=\"sow-headline\">\n\t\t\t\t\t\tWhat are the Procedures for Evidence Handling?\t\t\t\t\t\t<\/h2>\n\t\t\t\t\t\t\t\t\t\t\t<div class=\"decoration\">\n\t\t\t\t\t\t<div class=\"decoration-inside\"><\/div>\n\t\t\t\t\t<\/div>\n\t\t\t\t\t\t\t\t\t\t\t<h3 class=\"sow-sub-headline\">\n\t\t\t\t\t\tEvidence handling is one of the most important aspects of digital forensics because it singlehandedly determines whether evidence will meet the standards necessary to be admissible in a court of law. Evidence needs to be authentic, reliable, and complete in order to be considered legally valid. Here are some key elements that need to be kept in mind in relation to evidence handling:\t\t\t\t\t\t<\/h3>\n\t\t\t\t\t\t<\/div>\n<\/div><\/div><div id=\"panel-9805-5-0-1\" class=\"so-panel widget widget_siteorigin-panels-builder panel-last-child widgetopts-SO\" data-index=\"14\" ><div id=\"pl-w5ed13415ec445\"  class=\"panel-layout\" ><div id=\"pg-w5ed13415ec445-0\"  class=\"panel-grid panel-no-style\" ><div id=\"pgc-w5ed13415ec445-0-0\"  class=\"panel-grid-cell\" ><div id=\"panel-w5ed13415ec445-0-0-0\" class=\"so-panel widget widget_lsow-services panel-first-child panel-last-child extendedwopts-md-left widgetopts-SO\" data-index=\"0\" ><div\n\t\t\t\n\t\t\tclass=\"so-widget-lsow-services so-widget-lsow-services-default-7103278a78a6\"\n\t\t\t\n\t\t><div id=\"lsow-services-1\" class=\"lsow-services lsow-style2 lsow-grid-container  lsow-grid-desktop-2 lsow-grid-tablet-2 lsow-grid-mobile-1\"><div class=\"lsow-grid-item lsow-service-wrapper\"><div class=\"lsow-service \" ><div class=\"lsow-icon-wrapper\"><span class=\"sow-icon-fontawesome sow-far\" data-sow-icon=\"&#xf022;\"\n\t\t \n\t\taria-hidden=\"true\"><\/span><\/div><div class=\"lsow-service-text\"><h3 class=\"lsow-title\">Policies and Procedures<\/h3><div class=\"lsow-service-details\">It is critical to establish policies and procedures that provide detailed guidance on how potential digital evidence will be recovered, how systems will be prepared  before evidence retrieval, where retrieved evidence will be stored, and how these activities will be documented. This ensures that a formal and unambiguous methodology is followed for collecting evidence and ensuring the authenticity of data.<\/div><\/div><!-- .lsow-service-text --><\/div><!-- .lsow-service --><\/div><!-- .lsow-service-wrapper --><div class=\"lsow-grid-item lsow-service-wrapper\"><div class=\"lsow-service \" ><div class=\"lsow-icon-wrapper\"><span class=\"sow-icon-fontawesome sow-fas\" data-sow-icon=\"&#xf0ad;\"\n\t\t \n\t\taria-hidden=\"true\"><\/span><\/div><div class=\"lsow-service-text\"><h3 class=\"lsow-title\">Preparation<\/h3><div class=\"lsow-service-details\">Computer forensic examiners must properly analyze the case at hand to determine where evidence will be collected. Protocols and applicable regulatory requirements should be followed for acquiring evidence. The method that will be used to make a copy of the source evidence should also be determined and agreed upon. <\/div><\/div><!-- .lsow-service-text --><\/div><!-- .lsow-service --><\/div><!-- .lsow-service-wrapper --><div class=\"lsow-grid-item lsow-service-wrapper\"><div class=\"lsow-service \" ><div class=\"lsow-icon-wrapper\"><span class=\"sow-icon-fontawesome sow-fas\" data-sow-icon=\"&#xf4bd;\"\n\t\t \n\t\taria-hidden=\"true\"><\/span><\/div><div class=\"lsow-service-text\"><h3 class=\"lsow-title\">Collection<\/h3><div class=\"lsow-service-details\">After identifying what sources of evidence need to be included in scope, the collection process begins where the computer forensic investigator creates a copy of the electronic evidence in order to preserve it. Computer forensic examiners typically make a bit stream backup of all evidence before reviewing or processing it. Bit stream backups are also known as \u201cmirror image\u201d backups and involve backing up all areas of the device\/media such that the backup exactly replicates the device\/media. <\/div><\/div><!-- .lsow-service-text --><\/div><!-- .lsow-service --><\/div><!-- .lsow-service-wrapper --><div class=\"lsow-grid-item lsow-service-wrapper\"><div class=\"lsow-service \" ><div class=\"lsow-icon-wrapper\"><span class=\"sow-icon-fontawesome sow-fas\" data-sow-icon=\"&#x23;\"\n\t\t \n\t\taria-hidden=\"true\"><\/span><\/div><div class=\"lsow-service-text\"><h3 class=\"lsow-title\">Hashing<\/h3><div class=\"lsow-service-details\">Hashing is a method to ensure the integrity of data acquired by an investigator. A one-way algorithm is created \/applied when the investigator images evidence. If the hash value of the data before starting the imaging process matches the hash value of the copy, this demonstrates that the evidence has not been tampered with during the process to ensure its integrity and admissibility in court.  <\/div><\/div><!-- .lsow-service-text --><\/div><!-- .lsow-service --><\/div><!-- .lsow-service-wrapper --><div class=\"lsow-grid-item lsow-service-wrapper\"><div class=\"lsow-service \" ><div class=\"lsow-icon-wrapper\"><span class=\"sow-icon-fontawesome sow-fas\" data-sow-icon=\"&#xf0c1;\"\n\t\t \n\t\taria-hidden=\"true\"><\/span><\/div><div class=\"lsow-service-text\"><h3 class=\"lsow-title\">Chain of Custody<\/h3><div class=\"lsow-service-details\">A chain of custody is a paper trial or sequential documentation of the entire evidence-handling process. It details all the steps performed for data collection, sequence of control, transfer, and analysis of evidence to ensure that it can serve as a supporting form of evidence in a court of law. It is very important to maintain the chain of custody to preserve the integrity of the evidence. <\/div><\/div><!-- .lsow-service-text --><\/div><!-- .lsow-service --><\/div><!-- .lsow-service-wrapper --><div class=\"lsow-grid-item lsow-service-wrapper\"><div class=\"lsow-service \" ><div class=\"lsow-icon-wrapper\"><span class=\"sow-icon-fontawesome sow-fas\" data-sow-icon=\"&#xf4de;\"\n\t\t \n\t\taria-hidden=\"true\"><\/span><\/div><div class=\"lsow-service-text\"><h3 class=\"lsow-title\">Handling and Transportation<\/h3><div class=\"lsow-service-details\">Each piece of electronic evidence should be stored in its own electronic evidence bag\/box for transportation. Smaller devices could be stored together provided they are first labeled and logged. When transporting evidence, extra caution should be taken so that there is no damage or adverse effect from extreme weather conditions. <\/div><\/div><!-- .lsow-service-text --><\/div><!-- .lsow-service --><\/div><!-- .lsow-service-wrapper --><div class=\"lsow-grid-item lsow-service-wrapper\"><div class=\"lsow-service \" ><div class=\"lsow-icon-wrapper\"><span class=\"sow-icon-fontawesome sow-fas\" data-sow-icon=\"&#xf1c6;\"\n\t\t \n\t\taria-hidden=\"true\"><\/span><\/div><div class=\"lsow-service-text\"><h3 class=\"lsow-title\">Encryption<\/h3><div class=\"lsow-service-details\">All collected electronic data should be encrypted and secured at all times of collection, in transit, and at its destination. <\/div><\/div><!-- .lsow-service-text --><\/div><!-- .lsow-service --><\/div><!-- .lsow-service-wrapper --><\/div><!-- .lsow-services --><div class=\"lsow-clear\"><\/div><\/div><\/div><\/div><\/div><\/div><\/div><\/div><\/div><\/div><div id=\"pg-9805-6\"  class=\"panel-grid panel-has-style\" ><div class=\"siteorigin-panels-stretch panel-row-style panel-row-style-for-9805-6\" id=\"tools\" data-stretch-type=\"full\" ><div id=\"pgc-9805-6-0\"  class=\"panel-grid-cell\" ><div id=\"panel-9805-6-0-0\" class=\"so-panel widget widget_sow-headline panel-first-child widgetopts-SO\" data-index=\"15\" ><div\n\t\t\t\n\t\t\tclass=\"so-widget-sow-headline so-widget-sow-headline-default-b2527e49cc66-9805\"\n\t\t\t\n\t\t><div class=\"sow-headline-container \">\n\t\t\t\t\t\t\t<h2 class=\"sow-headline\">\n\t\t\t\t\t\tWhat Tools are Used in Forensic Investigations?\t\t\t\t\t\t<\/h2>\n\t\t\t\t\t\t\t\t\t\t\t<div class=\"decoration\">\n\t\t\t\t\t\t<div class=\"decoration-inside\"><\/div>\n\t\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n<\/div><\/div><div id=\"panel-9805-6-0-1\" class=\"so-panel widget widget_sow-editor panel-last-child widgetopts-SO\" data-index=\"16\" ><div\n\t\t\t\n\t\t\tclass=\"so-widget-sow-editor so-widget-sow-editor-base\"\n\t\t\t\n\t\t>\n<div class=\"siteorigin-widget-tinymce textwidget\">\n\t<p>Various phases of a digital forensic investigation can be significantly aided and made a lot more efficient with the use of forensic tools \u2013 both hardware tools and software tools. A very large number of very good tools, both open-source and proprietary, are available in the market today. Each tool supports a specific purpose and phase of the forensic investigation process.<\/p>\n<p>For instance, there are tools for disk data capture, registry analysis, email analysis, mobile device analysis, database analysis, and so on. There are also forensic tools that offer broader functionalities such as network forensic tools and Internet analysis tools.<\/p>\n<p>However, it is important to remember that tools are meant to supplement and support. The real value in a digital forensic investigation is brought to the table by the investigator\u2019s expertise and experience.<\/p>\n<p>Furthermore, when using tools, it is a good idea to use multiple tools when trying to validate findings and\/or increase the reliability of the evidence. The National Institute of Standards and Technology (NIST) and the National Institute of Justice (NIJ) have established methodologies and guidance on general tool specifications, hardware, test procedures and more that help organizations and investigators decide upon the best set of tools to use depending on the situation and organization. The Computer Forensics Tools &amp; Techniques Catalog is a great resource at: <a href=\"https:\/\/toolcatalog.nist.gov\">https:\/\/toolcatalog.nist.gov\u00a0<\/a><\/p>\n<\/div>\n<\/div><\/div><\/div><\/div><\/div><div id=\"pg-9805-7\"  class=\"panel-grid panel-has-style\" ><div class=\"siteorigin-panels-stretch panel-row-style panel-row-style-for-9805-7\" id=\"how-to-pick-digital-firm\" data-stretch-type=\"full\" ><div id=\"pgc-9805-7-0\"  class=\"panel-grid-cell\" ><div id=\"panel-9805-7-0-0\" class=\"so-panel widget widget_siteorigin-panels-builder panel-first-child panel-last-child widgetopts-SO\" data-index=\"17\" ><div id=\"pl-w5f186abcaa3f4\"  class=\"panel-layout\" ><div id=\"pg-w5f186abcaa3f4-0\"  class=\"panel-grid panel-has-style\" ><div class=\"panel-row-style panel-row-style-for-w5f186abcaa3f4-0\" ><div id=\"pgc-w5f186abcaa3f4-0-0\"  class=\"panel-grid-cell\" ><div id=\"panel-w5f186abcaa3f4-0-0-0\" class=\"so-panel widget widget_sow-headline panel-first-child widgetopts-SO\" data-index=\"0\" ><div\n\t\t\t\n\t\t\tclass=\"so-widget-sow-headline so-widget-sow-headline-default-1614bdcbf506\"\n\t\t\t\n\t\t><div class=\"sow-headline-container \">\n\t\t\t\t\t\t\t<h3 class=\"sow-headline\">\n\t\t\t\t\t\tHow do you Pick a Digital Forensics Company?\t\t\t\t\t\t<\/h3>\n\t\t\t\t\t\t<\/div>\n<\/div><\/div><div id=\"panel-w5f186abcaa3f4-0-0-1\" class=\"so-panel widget widget_sow-editor panel-last-child widgetopts-SO\" data-index=\"1\" ><div class=\"normallist panel-widget-style panel-widget-style-for-w5f186abcaa3f4-0-0-1\" ><div\n\t\t\t\n\t\t\tclass=\"so-widget-sow-editor so-widget-sow-editor-base\"\n\t\t\t\n\t\t>\n<div class=\"siteorigin-widget-tinymce textwidget\">\n\t<p>If you are in need of digital forensic services, here are some things to consider when making a final choice:<\/p>\n<ul><\/p>\n<li>Analyze if the computer forensics company or expert has experience in the platforms and systems that potentially fall within the scope of the investigation. There could be situations where a very competent computer forensics examiner might not be the right choice for your environment because it might be her\/his first time reviewing a specific technology in your environment.<\/li>\n<p><\/p>\n<li>Assess the computer forensic team\u2019s and company\u2019s qualifications. There are several digital forensics certifications available today that are widely acknowledged and highlight expertise in forensic techniques and procedures, standards of practice, and legal\/ethical principles such as:\n<ul>\n<li>PCI Forensic Investigator (PFI)<\/li>\n<li>Encase Certified Examiner (ENCE)<\/li>\n<li>Certified Computer Forensic Examiner (CCFE)<\/li>\n<li>Certified Cyber Forensics Professional<\/li>\n<li>GIAC Forensic Examiner (GCFE)<\/li>\n<li>GIAC Forensic Analyst<\/li>\n<li>GIAC Network Forensic Analyst<\/li>\n<li>GIAC Advanced Smartphone Forensics<\/li>\n<\/ul>\n<p>Employees holding one or more of these certifications are well-trained in digital forensics services. Also look to see if the company or its employees have experience in Expert Witness Testimony.<\/li>\n<p><\/p>\n<li>Check to see if the computer forensic company has good references. Also, ask for sample deliverables of work to verify the quality.<\/li>\n<p><\/p>\n<li>Verify if the company is willing to testify in court in criminal or civil cases if necessary, before the investigation begins. This is where a company's experience in expert witness testimony can be critical.<\/li>\n<p><\/p>\n<li>Inquire into the company's infrastructure to ensure that they have a well-equipped digital forensics laboratory and if they regularly upgrade their software and equipment with time.<\/li>\n<\/ul>\n<\/div>\n<\/div><\/div><\/div><\/div><\/div><\/div><\/div><\/div><\/div><\/div><\/div><div id=\"pg-9805-8\"  class=\"panel-grid panel-has-style\" ><div id=\"legal-considerations\" class=\"panel-row-style panel-row-style-for-9805-8\" ><div id=\"pgc-9805-8-0\"  class=\"panel-grid-cell\" ><div id=\"panel-9805-8-0-0\" class=\"so-panel widget widget_sow-headline panel-first-child widgetopts-SO\" data-index=\"18\" ><div\n\t\t\t\n\t\t\tclass=\"so-widget-sow-headline so-widget-sow-headline-default-61bfc8490b48-9805\"\n\t\t\t\n\t\t><div class=\"sow-headline-container \">\n\t\t\t\t\t\t\t<h2 class=\"sow-headline\">\n\t\t\t\t\t\tWhat are the Legal Considerations?\t\t\t\t\t\t<\/h2>\n\t\t\t\t\t\t\t\t\t\t\t<div class=\"decoration\">\n\t\t\t\t\t\t<div class=\"decoration-inside\"><\/div>\n\t\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n<\/div><\/div><div id=\"panel-9805-8-0-1\" class=\"so-panel widget widget_sow-editor panel-last-child widgetopts-SO\" data-index=\"19\" ><div\n\t\t\t\n\t\t\tclass=\"so-widget-sow-editor so-widget-sow-editor-base\"\n\t\t\t\n\t\t>\n<div class=\"siteorigin-widget-tinymce textwidget\">\n\t<p>Computer forensic investigators must discover evidence to support or refute an allegation in a trial in a lawful manner. Legal issues include the method used to obtain the evidence, the right to access it, and the manner in which it is examined.<\/p>\n<p>Before seizing a computer or other electronic device, investigators need to examine whether the Fourth Amendment requires a search warrant. The investigation team needs to know what constitutes a legal search, what telecommunications can lawfully be intercepted or examined, and what privacy rights employees or others involved in the investigation possess.<\/p>\n<p>There may also be situations where data resides across borders, such as in cases involving datacenters operated by a cloud service provider. In such cases, appropriate legal steps need to be followed which factor in regulations and privacy laws that apply to the other country regarding the retrieval of relevant data from their data centers.<\/p>\n<p>These legal issues are the reason that <a href=\"https:\/\/uln.ucp.mybluehost.me\/website_c8c6d12e\/blog\/how-digital-forensics-can-help-win-litigation-cases\/\" target=\"_blank\" rel=\"noopener\">forensic investigators typically work alongside<\/a> the client\u2019s General Counsel, prosecutors or outside lawyers who specialize in laws and regulations impacting their investigations.<\/p>\n<\/div>\n<\/div><\/div><\/div><\/div><\/div><div id=\"pg-9805-9\"  class=\"panel-grid panel-has-style\" ><div class=\"siteorigin-panels-stretch panel-row-style panel-row-style-for-9805-9\" data-stretch-type=\"full\" ><div id=\"pgc-9805-9-0\"  class=\"panel-grid-cell\" ><div id=\"panel-9805-9-0-0\" class=\"so-panel widget widget_sow-headline panel-first-child widgetopts-SO\" data-index=\"20\" ><div\n\t\t\t\n\t\t\tclass=\"so-widget-sow-headline so-widget-sow-headline-default-7388894ea97a-9805 so-widget-fittext-wrapper\"\n\t\t\t data-fit-text-compressor=\"0.85\"\n\t\t><div class=\"sow-headline-container \">\n\t\t\t\t\t\t\t<h2 class=\"sow-headline\">\n\t\t\t\t\t\tDid you find this helpful?\t\t\t\t\t\t<\/h2>\n\t\t\t\t\t\t\t\t\t\t\t\t<h2 class=\"sow-sub-headline\">\n\t\t\t\t\t\tSee our resources on other key cybersecurity topics\t\t\t\t\t\t<\/h2>\n\t\t\t\t\t\t\t\t\t\t\t<div class=\"decoration\">\n\t\t\t\t\t\t<div class=\"decoration-inside\"><\/div>\n\t\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n<\/div><\/div><div id=\"panel-9805-9-0-1\" class=\"so-panel widget widget_sow-features panel-last-child widgetopts-SO\" data-index=\"21\" ><div\n\t\t\t\n\t\t\tclass=\"so-widget-sow-features so-widget-sow-features-default-d79dc1a0bd54-9805\"\n\t\t\t\n\t\t><ul\n\tclass=\"sow-features-list\n\tsow-features-responsive\">\n\n\t\t\t<li\n\t\t\tclass=\"sow-features-feature sow-icon-container-position-top\"\n\t\t\tstyle=\"display: flex; flex-direction: column; width: calc(25% - 25px);\"\n\t\t>\n\t\t\t\n\t\t\t\t\t\t<a\t\t\t\tclass=\"sow-icon-container sow-container-rounded-square\"\n\t\t\t\tstyle=\"color: #e8e8e8; \"\n\t\t\t\t\n\t\t\t\t\t\t\t\t\thref=\"https:\/\/uln.ucp.mybluehost.me\/website_c8c6d12e\/soc-compliance-services\/\"\n\t\t\t\t\t\t\t\t>\n\t\t\t\t<span class=\"sow-icon-fontawesome sow-fas\" data-sow-icon=\"&#xf0cb;\"\n\t\tstyle=\"font-size: 55%; color: #e5554f\" \n\t\taria-hidden=\"true\"><\/span>\t\t\t<\/a>\n\n\t\t\t<div class=\"textwidget\">\n\t\t\t\t\n\t\t\t\t\t\t\t\t\t<h5 class=\"sow-features-feature-title\">\n\t\t\t\t\t\t\t\t\t\t\t\t\t<a\n\t\t\t\t\t\t\t\thref=\"https:\/\/uln.ucp.mybluehost.me\/website_c8c6d12e\/soc-compliance-services\/\"\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t>\n\t\t\t\t\t\t\tSOC Compliance Services\t\t\t\t\t\t\t<\/a>\n\t\t\t\t\t\t\t\t\t\t\t\t<\/h5>\n\t\t\t\t\n\t\t\t\t\t\t\t<\/div>\n\t\t\t\t\t\t\t\t<\/li>\n\n\t\t\t<li\n\t\t\tclass=\"sow-features-feature sow-icon-container-position-top\"\n\t\t\tstyle=\"display: flex; flex-direction: column; width: calc(25% - 25px);\"\n\t\t>\n\t\t\t\n\t\t\t\t\t\t<a\t\t\t\tclass=\"sow-icon-container sow-container-rounded-square\"\n\t\t\t\tstyle=\"color: #e8e8e8; \"\n\t\t\t\t\n\t\t\t\t\t\t\t\t\thref=\"https:\/\/uln.ucp.mybluehost.me\/website_c8c6d12e\/pci-compliance\/\"\n\t\t\t\t\t\t\t\t>\n\t\t\t\t<span class=\"sow-icon-fontawesome sow-fas\" data-sow-icon=\"&#xf09d;\"\n\t\tstyle=\"font-size: 55%; color: #e5554f\" \n\t\taria-hidden=\"true\"><\/span>\t\t\t<\/a>\n\n\t\t\t<div class=\"textwidget\">\n\t\t\t\t\n\t\t\t\t\t\t\t\t\t<h5 class=\"sow-features-feature-title\">\n\t\t\t\t\t\t\t\t\t\t\t\t\t<a\n\t\t\t\t\t\t\t\thref=\"https:\/\/uln.ucp.mybluehost.me\/website_c8c6d12e\/pci-compliance\/\"\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t>\n\t\t\t\t\t\t\tPCI Compliance\t\t\t\t\t\t\t<\/a>\n\t\t\t\t\t\t\t\t\t\t\t\t<\/h5>\n\t\t\t\t\n\t\t\t\t\t\t\t<\/div>\n\t\t\t\t\t\t\t\t<\/li>\n\n\t\t\t<li\n\t\t\tclass=\"sow-features-feature sow-icon-container-position-top\"\n\t\t\tstyle=\"display: flex; flex-direction: column; width: calc(25% - 25px);\"\n\t\t>\n\t\t\t\n\t\t\t\t\t\t<a\t\t\t\tclass=\"sow-icon-container sow-container-rounded-square\"\n\t\t\t\tstyle=\"color: #e8e8e8; \"\n\t\t\t\t\n\t\t\t\t\t\t\t\t\thref=\"https:\/\/uln.ucp.mybluehost.me\/website_c8c6d12e\/penetration-testing\/\"\n\t\t\t\t\t\t\t\t>\n\t\t\t\t<span class=\"sow-icon-fontawesome sow-fas\" data-sow-icon=\"&#xe595;\"\n\t\tstyle=\"font-size: 55%; color: #e5554f\" \n\t\taria-hidden=\"true\"><\/span>\t\t\t<\/a>\n\n\t\t\t<div class=\"textwidget\">\n\t\t\t\t\n\t\t\t\t\t\t\t\t\t<h5 class=\"sow-features-feature-title\">\n\t\t\t\t\t\t\t\t\t\t\t\t\t<a\n\t\t\t\t\t\t\t\thref=\"https:\/\/uln.ucp.mybluehost.me\/website_c8c6d12e\/penetration-testing\/\"\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t>\n\t\t\t\t\t\t\tPenetration Testing\t\t\t\t\t\t\t<\/a>\n\t\t\t\t\t\t\t\t\t\t\t\t<\/h5>\n\t\t\t\t\n\t\t\t\t\t\t\t<\/div>\n\t\t\t\t\t\t\t\t<\/li>\n\n\t\t\t<li\n\t\t\tclass=\"sow-features-feature sow-icon-container-position-top\"\n\t\t\tstyle=\"display: flex; flex-direction: column; width: calc(25% - 25px);\"\n\t\t>\n\t\t\t\n\t\t\t\t\t\t<a\t\t\t\tclass=\"sow-icon-container sow-container-rounded-square\"\n\t\t\t\tstyle=\"color: #e8e8e8; \"\n\t\t\t\t\n\t\t\t\t\t\t\t\t\thref=\"https:\/\/uln.ucp.mybluehost.me\/website_c8c6d12e\/cybersecurity-awareness-training\/\"\n\t\t\t\t\t\t\t\t>\n\t\t\t\t<span class=\"sow-icon-fontawesome sow-fas\" data-sow-icon=\"&#xf0eb;\"\n\t\tstyle=\"font-size: 55%; color: #e5554f\" \n\t\taria-hidden=\"true\"><\/span>\t\t\t<\/a>\n\n\t\t\t<div class=\"textwidget\">\n\t\t\t\t\n\t\t\t\t\t\t\t\t\t<h5 class=\"sow-features-feature-title\">\n\t\t\t\t\t\t\t\t\t\t\t\t\t<a\n\t\t\t\t\t\t\t\thref=\"https:\/\/uln.ucp.mybluehost.me\/website_c8c6d12e\/cybersecurity-awareness-training\/\"\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t>\n\t\t\t\t\t\t\tSecurity Awareness Training\t\t\t\t\t\t\t<\/a>\n\t\t\t\t\t\t\t\t\t\t\t\t<\/h5>\n\t\t\t\t\n\t\t\t\t\t\t\t<\/div>\n\t\t\t\t\t\t\t\t<\/li>\n\n\t<\/ul>\n<\/div><\/div><\/div><\/div><\/div><\/div>","protected":false},"excerpt":{"rendered":"<p>Digital forensics, sometimes referred to as \u201ccomputer forensics,\u201d is the process of identification, preservation, examination, documentation, and presentation of digital evidence found on a computer, phone, or digital storage media. Essentially, digital artifacts can be collected from all devices that store data such as phones, laptops, hard disks, pen drives, etc. Digital forensics involves analyzing [&hellip;]<\/p>\n","protected":false},"author":5,"featured_media":0,"parent":0,"menu_order":0,"comment_status":"closed","ping_status":"closed","template":"","meta":{"_acf_changed":false,"content-type":"","inline_featured_image":false,"_monsterinsights_skip_tracking":false,"_monsterinsights_sitenote_active":false,"_monsterinsights_sitenote_note":"","_monsterinsights_sitenote_category":0,"footnotes":""},"class_list":["post-9805","page","type-page","status-publish","hentry","post"],"acf":[],"aioseo_notices":[],"_links":{"self":[{"href":"https:\/\/uln.ucp.mybluehost.me\/website_c8c6d12e\/wp-json\/wp\/v2\/pages\/9805","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/uln.ucp.mybluehost.me\/website_c8c6d12e\/wp-json\/wp\/v2\/pages"}],"about":[{"href":"https:\/\/uln.ucp.mybluehost.me\/website_c8c6d12e\/wp-json\/wp\/v2\/types\/page"}],"author":[{"embeddable":true,"href":"https:\/\/uln.ucp.mybluehost.me\/website_c8c6d12e\/wp-json\/wp\/v2\/users\/5"}],"replies":[{"embeddable":true,"href":"https:\/\/uln.ucp.mybluehost.me\/website_c8c6d12e\/wp-json\/wp\/v2\/comments?post=9805"}],"version-history":[{"count":0,"href":"https:\/\/uln.ucp.mybluehost.me\/website_c8c6d12e\/wp-json\/wp\/v2\/pages\/9805\/revisions"}],"wp:attachment":[{"href":"https:\/\/uln.ucp.mybluehost.me\/website_c8c6d12e\/wp-json\/wp\/v2\/media?parent=9805"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}