Investigators: Digital Evidence

1287 Words6 Pages
Field Report

Investigators must ensure the integrity of all evidence collected, analyzed, processed and presented to a courtroom and jury. The reason that this is important is because the improper collection and analysis of evidence can lead to compromised data and potential damage to a prosecution. The seizure and analysis of digital evidence can be particularly challenging but is just as critical to a case as physical evidence. There are specific procedures that must be met to ensure the successful collection and analysis of digital media and guidelines or best practices for collection of all evidence, both physical and digital that must be followed. Conducting the proper steps in an investigation regarding the collection and processing of evidence and the proper chain of custody requirements can ensure a successful outcome in solving a case and a successful prosecution.

The first and most important step in the entire process for collecting evidence is to document the scene. It is extremely critical that an investigator capture as accurate a depiction of a crime scene as possible (Solomon, Rudolph, Tittel, Broom, & Barrett, 2011). This can be accomplished in a number of ways. These include taking a photograph of the scene to preserve the original image of the scene for a judge and jury. Investigators can also take images of a computer system. It is necessary to take hash images of volatile data first as volatile data relies on a constant flow of electricity to keep in system memory. Things that are considered volatile are registers, the system casche, routing tables, kernel statistics, memory, temporary file systems, disks and archived media (Soloman, Rudolph, Tittel, Broom, & Barrett, 2011). The first thing an investigator s...

... middle of paper ...

...atastrophe for the prosecution in the courtroom. Not only must they understand how to collect and analyze evidence, they must also know how to properly store, tag and account for all evidence in order to preserve the integrity of the evidence. Knowledge of how the defense will respond to presented evidence is also helpful in helping forensic experts explain their actions while conducting forensic testing.


Computer Learning Center, N. (2009). Comp tia security +. Rochester, NY: Element Corporation.

National Forensic Science Technology Center. (n.d.). A simplified guide to digital evidence. Retrieved from

Solomon, M. G., Rudolph, K., Tittel, E., Broom, N., & Barrett, D. (2011). Computer Forensics Jumpstart (2nd ed.). Indianapolis, IN: Wiley Publishing Inc..
Open Document