Evidence Identification

00:00

module 2.1 is the start of our process from collections to testimony.

00:06

In order to truly be able to get to the point where you can testify about your findings, you have to first identify the evidence to be reviewed.

00:16

You can't conduct analysis on thin air. You have tow, have

00:21

some piece of evidence in order to

00:24

do your analysis.

00:27

In this video, we're gonna talk about the process for identification and scoping off evidence collections.

00:35

Before we do that, however, we're going to talk about the definition of digital forensics.

00:40

Digital forensics is the application of science to the identification, collection, examination and analysis of data while preserving the integrity of the information and maintaining a strict chain of custody for the data,

00:57

it's really important to pay attention to the highlighted words identification collection, examination, analysis, integrity and China custody, thes air, all concepts, stages

01:07

or concepts that will be very vital to our discussions as we move forward

01:15

during evidence identification. This is where you're going to define the scope of collections. You're gonna work with legal counsel to determine what data needs to be collected, from whom,

01:26

how long you're gonna have to collect it,

01:30

where you're going to collect it

01:30

and what you're ultimately looking for, what the ultimate

01:36

story is

01:38

for what happened with that evidence.

01:42

There's an idea or concept that you want to cast a wide net,

01:47

but not over collect.

01:49

If you're dealing with a matter that involves text messages, for example, you may not need to collect the laptop for the individual. You may only need to collect the mobile phone,

02:00

but

02:01

if the collection is

02:04

and the matter is related to

02:07

emails, you may want to cast a wide net. Collect both the cell phone and the computer.

02:15

But you're not gonna also collect the cell phone and computer for three other people who are totally unrelated to the matter just because they work in the same business.

02:24

It's during this step that your documentation is going to start. You're gonna document document document.

02:30

You're going to start building your case of defense ability,

02:35

your case of repeat ability.

02:37

You're going to start showing why decisions were made, how decisions were made and what the ultimate outcome of things

02:44

and conversations that you've had were.

02:47

It's important, though,

02:51

that you ensure you have the legal authority to collect whatever evidence you're going to collect,

02:55

either through court order, subpoena

03:00

warrant

03:01

or even just the authority given to you by an organization. Because as the owner of the devices

03:09

in this summary in this video,