Alternate Data Storage Forensics

Chapter 2: Seizure of Digital Information

by Kevin O Shea

Introduction

Computers and digital devices are employed by the majority of people in the U.S. for myriad business and personal uses. Because of the wide acceptance of computers in our daily lives, it is reasonable to conclude that people will use a computer to assist them in the commission of crimes, record aspects of crimes on a computer, and use computers to store the fruits of their crimes or contraband.

Any of the computers involved in the situations just discussed will likely contain upwards of hundreds of thousands of pieces of information stored in a digital format, including operating system files, program files, user documents, and file fragments in drive free space. While the challenge for the laboratory examiner is to find the relevant data objects on a hard drive or other media, a greater challenge exists for the on-scene responders and investigators: How can the information be collected from the scene and brought to a location where it can be examined? Does all the hardware on-scene need to be seized as evidence, or will an exact copy of the information serve the purposes of an investigation? Are there other seizure options to be considered?

Notes from the Underground Data Objects

Throughout this chapter, the term data object will be used frequently to discuss information found on a storage device or a piece of storage media (SWGDE, 2000). The digital information on a piece of media is nothing more than a long string of 1s...

UNLIMITED FREE
ACCESS
TO THE WORLD'S BEST IDEAS

SUBMIT
Already a GlobalSpec user? Log in.

This is embarrasing...

An error occurred while processing the form. Please try again in a few minutes.

Customize Your GlobalSpec Experience

Category: Data Storage Media
Finish!
Privacy Policy

This is embarrasing...

An error occurred while processing the form. Please try again in a few minutes.