Chapter 4

Acquiring Evidence in a Computer Forensics Lab

Learning Outcomes

After reading this chapter, you will be able to understand the following:

  • Requirements for a certified computer forensics laboratory;

  • Best practices for managing and processing evidence in a computer forensics laboratory;

  • Structuring a computer forensics laboratory;

  • Computer forensics laboratory requirements for hardware and software;

  • Best practices for acquiring, handling, and analyzing digital evidence;

  • Methods for investigating financial fraud; and

  • How to use UNIX commands to search files for particular information of interest.

The process by which an investigator acquires evidence is just as important as the evidence itself. Remember that the term forensic means ...

Get A Practical Guide to Digital Forensics Investigations, 2nd Edition now with the O’Reilly learning platform.

O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.