Forensic Computer Evidence

Forensic Examination of Digital Evidence

Based on the material from the “U.S. Department of Justice Forensic Examination of Digital Evidence: A Guide for Law Enforcement” document, https://www.ncjrs.gov/pdffiles1/nij/199408.pdf

Explain some important parts of the computer forensic process.

Provide short and concise answers to the following questions:

What are some of the key considerations for an “on-site” examiner, also known as a “first responder”?
What are two attributes of a timestamp that could be located on a computer system? (List and explain.)
When documenting and reporting a computer forensic examination (investigation), what are some common notes that should be maintained? (List and explain.)
What are the four major steps to completing the processing of digital evidence?

Last Updated on January 31, 2018 by Essay Pro