Forensic Computer Evidence

Forensic Examination of Digital Evidence

Based on the material from the U.S. Department of Justice document “Forensic Examination of Digital Evidence: A Guide for Law Enforcement,” explain some important parts of the computer forensic process.

Provide short and concise answers to the following questions:

What are some of the key considerations for an “on-site” examiner, also known as a “first responder”?
What are two attributes of a timestamp that could be located on a computer system? (List and explain.)
When documenting and reporting a computer forensic examination (investigation), what are some common notes that should be maintained? (List and explain.)
What are the four major steps to completing the processing of digital evidence?

