Chapter 7

Seizing, imaging, and analyzing digital evidence

step-by-step guidelines

David Day

Abstract

Hiding and obfuscating their identities and digital evidence are now common activities for many malicious hackers. This, coupled with anti-forensic and anonymizing techniques such as encryption and proxy relays, has made the aims of the digital investigator more difficult to achieve. It is easy to make errors that cause vital evidence to remain undetected or, worse, to find the evidence and then contaminate it through poor practice. This chapter suggests best practices to help obtain exhibits and uncover obfuscated evidence while maintaining its integrity for submission in court.

Keywords

Cybercrime

Hacker

Digital forensics

Disk

RAM

Anti-forensics ...
