Did you know Cybrary has FREE video training? Join more than 2,500,000 IT and cyber security professionals, students, career changers, and more, growing their careers on Cybrary.
In this section on computer forensics we prepare to go to court. This involves the extremely important processes of evidence collection, analysis, and presentation. We also discuss the laws - in terms of the U.S. Constitution - governing this phase. We start off by discussing the first step in evidence collection which is Identification. In order for something to be admitted into evidence in a court of law, it must first be identified. Locard's Principle of Exchange is mentioned, which is based on the premise that a criminal will usually leave something behind even if it's just a tip-off about their motives based on what they stole. Pretty Sherlock Holmes, huh? The extremely important issue of evidence preservation is discussed next. The chain of custody for evidence MUST be well-documented! A history of how evidence was collected, analyzed, transported, and preserved is required. This process is vital since digital evidence CAN be manipulated! Important procedures for evidence handling are mentioned. This includes thorough documentation using photos of the crime scene and collected evidence along with evidence labeling and logging. We also raise the important issue of the Fourth Amendment regarding illegal search and seizure and how it applies differently to government agents vs. private individuals. The section concludes with a discussion of the processes of examination (just the facts!), analysis (turning data into info), presentation in court, and the climax that results in a decision or legal ruling on the presented evidence.