![]() Digital forensics specifics start at the point of data acquisition. Let us skip the collection of the physical evidence, as we would for non-DFIR items. ![]() This is the first stage of every DFIR investigation and is where a chain of custody first appears. This article explains these methods utilizing Belkasoft X, a flagship digital forensics and incident response (DFIR) tool by Belkasoft. That is why one of the most natural questions which the counterparty may, and will ask in court is: 'How can you prove that this evidence (chat/document/photo) has not been altered?' And that is why, apart from well-known actions for preserving chain of custody (like maintaining chain of custody forms), there are additional methods for digital forensics. One of the reasons for that, is that electronic data can be altered without leaving obvious traces. Assuring chain of custody for electronic evidence is more complicated than for other types of evidence, such as a gun, for instance. ![]()
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |