Preserving Digital Evidence | Top 10 Critical Steps
As the realm of technology and digital forensics constantly expands, there is a need for you and your clients to become familiar with ways that contribute to the preserving digital evidence. The fundamental importance of digital preservation is clear, as more lawyers and clients need to present evidence related to technological devices. For this reason, LMG Security wants to highlight the necessity of following a series of steps in the preserving digital evidence, as even a small, inattentive move could lead to the loss of evidence and the break of a case.
For example, a local lawyer once was brought a phone to be analyzed for one of his clients. At that point in time, the phone had been OFF for several years. Instinctively, the lawyer thought that looking at the data on that phone would require him to turn ON the phone. As soon as the phone was turned on, updates and downloads automatically started, overwriting of all the data and evidence previously on the phone.
What should have happened instead? The phone should have been brought to forensic experts as soon as possible. They could have collected the phone, stored it in a safe Faraday cage (which prevents signals from reaching the phone) and proceeded to collect a forensic image of the data in the device.
So then, what are those critical steps that need to be taken to prevent loss of data before bringing to the forensics experts? In following the next steps, act as quickly as you can and call a trained digital forensic specialist immediately. Time is highly important in preserving digital evidence.
Image by Luis Llerena via: unsplash.com
– As a general rule, make sure you do not turn ON a device if it is turned OFF. For computers, make sure you do not change the current status of the device at all. If the device is OFF, it must be kept OFF. If the device is ON, call a forensics expert before turning it off or doing anything.
– If it is not charged, do not charge it; for mobile phones, if the device is ON, power it down to prevent remote wiping or data from being overwritten.
– Ensure that you do not leave the device in an open area or other unsecured space. Document where the device is, who has access, and when it is moved.
– Do not plug anything to the device, such as memory cards, USB thumb drives, or any other storage media that you have, as the data could be easily lost.
– Do not open any applications, files, or pictures on the device. You could accidentally lose data or overwrite it.
– Do not copy anything to or from the device.
– Preserve any and all digital evidence that you think could be useful for your case.
– Take a picture of the piece of evidence (front, back, etc.) to prove its condition.
– Make sure you know the PIN/Password pattern of the device.
– Last but not least, do not trust anybody without forensics training to investigate or view files on the original device. They might cause the deletion of data or the corruption of important information.
LMG Security offers digital forensics services, and our world-class experts will provide you with a cell phone forensic image and a detailed forensic investigation report for $350. As always, send any questions or comment to [email protected].
