Part 3 – Forensic Investigation Process

In this video we examine the seven steps of evidence collection:
  • Identification - identify something a evidence from what's left behind such as fingerprints and DNA as well as what was taken.
  • Preservation - the chain of custody must be documented and provide a history of how the evidence was handled since digital evidence can be easily manipulated. Hashing is used to verify that data remains unchanged.
  • Collection - it's important to limit evidence handling. Document using photos and taking an image of the system. We must always work fast since some data is volatile. It's also important to do things legally and respect the Fourth Amendment.
  • Examination - just the facts!
  • Analysis - look for meaning in the data in order to find the "what" of the investigation.
  • Decision - the final verdict from trial.
Recommended Study Material
Learn on the go.
The app designed for the modern cyber security professional.
Get it on Google Play Get it on the App Store

Our Revolution

We believe Cyber Security training should be free, for everyone, FOREVER. Everyone, everywhere, deserves the OPPORTUNITY to learn, begin and grow a career in this fascinating field. Therefore, Cybrary is a free community where people, companies and training come together to give everyone the ability to collaborate in an open source way that is revolutionizing the cyber security educational experience.

Cybrary On The Go

Get the Cybrary app for Android for online and offline viewing of our lessons.

Get it on Google Play

Support Cybrary

Donate Here to Get This Month's Donor Badge

Skip to toolbar

We recommend always using caution when following any link

Are you sure you want to continue?