Three Document Evaluation
A forensic examination can level to many various kinds of new evidence. Some different examples embrace firewall logs, building access logs, and building video security footage.
Forensic Course Of
For instance, the request would possibly present the lead “seek for child pornography.” Examiners list leads explicitly to assist focus the examination. As they develop new leads, they add them to the listing, and as they exhaust leads, they mark them “processed” or “accomplished.” The prosecutor and forensic examiner must resolve, and talk to each other, how a lot of the process is to be accomplished at each stage of an investigation or prosecution. The course of is potentially iterative, so additionally they must determine what number of occasions to repeat the process. It is essentially important that everyone perceive whether or not a case solely wants preparation, extraction, and identification, or whether or not it additionally requires analysis.
After this discovery, legislation enforcement may wish to subpoena the contents of the brand new e-mail account. Examiners may additionally discover proof indicating the goal saved recordsdata on a removable common serial bus drive–one which legislation enforcement did not discover within the unique search. Under these circumstances, legislation enforcement could contemplate getting a brand new search warrant to look for the USB drive.
Examiners document these on a fourth list, the New Source of Data list. After examiners verify the integrity of the data to be analyzed, a plan is developed to extract data. They manage and refine the forensic request into questions they understand and can reply. The forensic instruments that allow them to answer these questions are chosen. Examiners usually have preliminary ideas of what to search for, based on the request. They add these to a “Search Lead List,” which is a running list of requested objects.