Rules and Procedures
Stages Of Forensic Investigation in Tracking Computer Crime
A computer forensic investigator follows certain stages and procedures when working on a case. First he identifies the crime, along with the computer and other tools used to commit the crime. Then he gathers evidence and builds a suitable chain of custody. The investigators must follows those procedures as thoroughly as possible. Once he recovers data, he must image, duplicate, and replicate it, and then analyze the duplicated evidence. After the evidence has been analyzed, the investigator must act as an expert witness and present the evidence in court. Here are steps a forensic investigator typically follows after an incident in which a server is compromised:1. Company personnel call the corporate lawyer for legal advice. 2. The forensic investigator prepares a First Response of Procedures. 3. The forensic investigator seizes the evidence at the crime scene and transports it to the forensic lab. 4. The forensic investigator prepares bit-stream image of the files and creates an MD5 # of the files. 5. The forensic investigator examines the evidence for proof of a crime, and prepares an investigative report before concluding the investigation. 6. The forensic investigator hands the sensitive report information to the client, who reviews it to see whether they want to press charges. 7. The FI destroys any sensitive client data. Prepared by WestNet Computer Forensic Investigators