Good Practice Guide for Computer-Based Electronic Evidence
https://www.7safe.com/electronic_evidence/ACPO_guidelines_computer_evidence.pdf
The traditional “pull-the-plug” approach overlooks the vast amounts of volatile (memory-resident and ephemeral) data that will be lost. Today, investigators are routinely faced with the reality of sophisticated data encryption, as well as hacking tools and malicious software that may exist solely within memory. Capturing and working with volatile data may therefore provide the only route towards finding important evidence. Thankfully, there are valid options in this area and informed decisions can be made that will stand the scrutiny of the court process.

The guide also considers network forensics pertaining to “information in transit” i.e. as it passes across networks and between devices, on a wired and wireless basis. As forensic investigators, we need to take into consideration, where legally permitted, the flow of data across networks. This type of approach can prove critical when analysing and modelling security breaches and malicious software attacks.

7Safe advocates best practice in all dealings with electronic evidence. By publishing this guide in conjunction with ACPO, our aim is to help ensure that procedural problems do not arise during investigations or in the court room and that the very highest of standards are achieved and maintained by those working in the electronic evidence arena.