Embed Size (px)
DESCRIPTION
Digital forensics is playing an increasingly significant role in civil and criminal litigation, and the integrity and admissibility of digital evidence depends on sound preservation practices. D4's forensic experts know the importance of preserving the integrity of ESI and maintaining a proper chain-of-custody, and we've developed these guidelines to help you in your preservation of digital evidence. About D4's Digital Forensics and Investigations Services: The D4 Digital Forensics team is comprised of certified consultants and technicians that specialize in digital forensic investigations, 26(f) Meet and Confer Consulting, Complex Discovery Consulting, Expert Testimony, etc. D4's Digital Forensics technicians are well-versed in the preservation, collection and analysis of ESI on Macs, and other Apple products, smartphones, tablets and many other desktop and mobile devices. Some examples of the investigations that our Digital Forensics team has assisted with include: internal employee matters, theft, harassment, embezzlement, violations of company policies, and trademark infringement. Digital Forensic Certifications include: Certified Information Systems Security Professional (CISSP®), EnCase Certified Examiner, AccessData Certified Examiner, Certified Computer Examiner (computer forensic certificates), Private Investigators License (required to conduct computer forensics collections and investigations in the state of Michigan)
Citation preview
Digital forensics is playing an increasingly significant role in civil and criminal litigation, and the integrity and admissibility of digital evidence depends on sound preservation practices.
www.d4discovery.com
?????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????
?????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????
Is your evidence being properly handled? Q:
D4 has developed the following guidelines to aid you in your preservation of digital evidence.
www.d4discovery.com
DO DON’T
&
www.d4discovery.com
Begin a proper chain of custody for each individual piece of digital evidence.
First Things First! Verify ownership of devices.
www.d4discovery.com
DO NOT power on or continue to use any devices in question.
DO collect all ancillary power cords and cables.
#0123456789#
www.d4discovery.com
DO record the make, model and serial numbers of the devices in question.
DO NOT remove the batteries to collect this information.
www.d4discovery.com
DO NOT ask IT personnel to run a data collection or conduct a forensic investigation.
Collections must be conducted by staff trained in forensic processes, procedures and methodologies. This ensures evidence is preserved in an admissible manner.
www.d4discovery.com
DO (if possible) take possession of an entire suspect computer, not just hard drives.
Important information can be obtained from physical devices, including date/time settings and boot-up order.
www.d4discovery.com
DO NOT log into a suspect device as the suspect custodian.
? This can make it nearly impossible to tie data and actions to a certain suspect.
www.d4discovery.com
DO NOT leave devices connected to a company intranet, network, or the Internet.
www.d4discovery.com
DO store devices in a secured location until handed over for imaging and analysis.
Securing devices and their data ensures potential evidence isn’t tampered with or altered in any way.
What About the Who?
So Now You Know the How…
www.d4discovery.com
www.d4discovery.com
D4 conducts thousands of collections and forensic investigations each year.
www.d4discovery.com
Our forensics experts know the importance of preserving the integrity of ESI and maintaining a proper chain-of-custody.
www.d4discovery.com
Our methods are based on law enforcement standards and we enter every engagement assuming the ESI preserved will be used in a court of law.
www.d4discovery.com
D4’s forensic experts are known for providing objective testimony and are experienced acting as a neutral third party.
www.d4discovery.com
Verify findings of other computer forensic experts
What Can Do
Learn More about D4’s Digital Forensics
www.d4discovery.com
Verify findings of other computer forensic experts Recover deleted files and file fragments
Learn More about D4’s Digital Forensics
What Can Do
www.d4discovery.com
Verify findings of other computer forensic experts Recover deleted files and file fragments Assist with internal employee investigations
Learn More about D4’s Digital Forensics
What Can Do
www.d4discovery.com
Verify findings of other computer forensic experts Recover deleted files and file fragments Assist with internal employee investigations Preserve and collect data from social media sites
What Can Do
Learn More about D4’s Digital Forensics
www.d4discovery.com
Verify findings of other computer forensic experts Recover deleted files and file fragments Assist with internal employee investigations Preserve and collect data from social media sites Collect ESI from smart phones, cloud storage sites,
and more
What Can Do
Learn More about D4’s Digital Forensics
www.d4discovery.com
Verify findings of other computer forensic experts Recover deleted files and file fragments Assist with internal employee investigations Preserve and collect data from social media sites Collect ESI from smart phones, cloud storage sites,
and more Defensible remote preservation collection services
What Can Do
Learn More about D4’s Digital Forensics
www.d4discovery.com
800.410.7066
