Introduction to Digital Forensics/Documenting evidence

From Wikibooks, open books for an open world

One of the key concepts in digital forensics is the idea of documenting evidence. It's a good starting point for this book because getting used to recording your actions will help both with learning the topic and with applying the skills. Many digital forensics investigations end up in a court of law (either civil or criminal). In such cases, courts like to see audited logs of what was undertaken, by whom, and what was found.

Why is this so important?

One of the major issues is that digital media, such as a hard drive, is very easy to modify. So how do you know that the evidence provided is an accurate representation? A log of actions is particularly useful for explaining any discrepancies in the evidence when standing in front of a jury.

Another consideration is that digital forensics is, as with all forensics, a specialist subject. The problem is that it is still treated with distrust by many areas of the legal profession and by juries. Logging your actions helps to explain what has happened during the investigation.
