Guidelines for Recognize, Collect, Extract, Protect, and Report Digital Evidence

Abstract:

The different phases of the digital evidence management process can result in a complex and difficult task to perform in a practical way due to the nature of the evidence itself. In this paper we propose a simplified but not less exhaustive methodology based on international standards of common use to recognize, collect, extract, protect and report on the digital evidence found in the scene of a computer incident. All actions taken by computer experts must be preceded by a written authorization allowing the identification of evidence. Digital evidence is then identified based on the circumstances, within a given policy. Then the objective tests are preserved and the results are reported. The digital tests obtained through the application of the methodology are verifiable, integrated and reliable. The methodology proposed here was applied in an educational institution with the purpose of verifying its validity. Although the …

Año de publicación:

2017

Keywords:

Fuente:

google