Short paper – forensic computer evidence
Based on the material from the “U.S. Department of Justice Forensic Examination of Digital Evidence: A Guide for Law Enforcement” document (attached), explain some important parts of the computer forensic process.
Provide short and concise answers to the following questions:
- What are some of the key considerations for an “on-site” examiner, also known as a “first responder”?
- What are two attributes of a timestamp that could be located on a computer system? (List and explain.)
- When documenting and reporting a computer forensic examination (investigation), what are some common notes that should be maintained? (List and explain.)
- What are the four major steps to completing the processing of digital evidence?