Phases of Digital Forensics
Phase I – First Response
The action performed right after the occurrence of a security incident is known as the first response. It is highly dependent on the nature of the incident.
Phase II – Search and Seizure
In this phase, the professionals search for the devices involved in carrying out the crime. These devices are then carefully seized so that information can be extracted from them.
Phase III – Collect the Evidence
After the search and seizure phase, professionals use the acquired devices to collect data. They have well-defined forensic methods for evidence handling.
Phase IV – Secure the Evidence
The forensic staff should have access to a safe environment where they can secure the evidence. They determine if the collected data is accurate, authentic and accessible.
Phase V – Data Acquisition
Data acquisition is the process of retrieving Electronically Stored Information (ESI) from suspected digital assets. It helps to gain insights into the incident, but an improper process can alter the data, sacrificing the integrity of the evidence.
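The following is an added example, not part of the original page: a minimal acquisition routine that hashes the source while copying it and then re-hashes the resulting image, so any alteration during or after acquisition is detectable. The file names, the record fields and the sample data are constructed for illustration.

```python
import hashlib
import os
import tempfile
from datetime import datetime, timezone

CHUNK = 1024 * 1024  # read in 1 MiB blocks so large media never has to fit in memory


def sha256_file(path):
    """Stream a file through SHA-256 and return the hex digest."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:  # read-only: never open evidence for writing
        for block in iter(lambda: fh.read(CHUNK), b""):
            digest.update(block)
    return digest.hexdigest()


def acquire(source, image):
    """Copy source to image, hashing bytes as they are read, then re-hash the image."""
    digest, size = hashlib.sha256(), 0
    with open(source, "rb") as src, open(image, "xb") as dst:  # "x": refuse to overwrite
        for block in iter(lambda: src.read(CHUNK), b""):
            digest.update(block)
            dst.write(block)
            size += len(block)
    source_hash, image_hash = digest.hexdigest(), sha256_file(image)
    return {  # hypothetical record layout for the acquisition log
        "acquired_utc": datetime.now(timezone.utc).isoformat(),
        "bytes": size,
        "source_sha256": source_hash,
        "image_sha256": image_hash,
        "verified": source_hash == image_hash,
    }


def still_intact(image, record):
    """Re-check an image against the digest recorded at acquisition time."""
    return sha256_file(image) == record["image_sha256"]


if __name__ == "__main__":
    workdir = tempfile.mkdtemp()
    source = os.path.join(workdir, "suspect.bin")  # constructed stand-in for a device
    image = os.path.join(workdir, "suspect.img")
    with open(source, "wb") as fh:
        fh.write(b"constructed sample evidence\n" * 1000)
    record = acquire(source, image)
    print(record)
    with open(image, "r+b") as fh:  # simulate a single altered byte in the image
        fh.write(b"X")
    print("intact after alteration:", still_intact(image, record))
```

In practice the source would be a write-blocked device and the record would be stored with the case documentation, so the image can be re-verified before analysis and before it is presented.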
Phase VI – Data Analysis
Under data analysis, the accountable staff scan the acquired data to identify the evidential information that can be presented to the court. This phase is about examining, identifying, separating, converting and modeling data to transform it into useful information.
Phase VII – Evidence Assessment
The process of evidence assessment relates the evidential data to the security incident. There should be a thorough assessment based on the scope of the case.
Phase VIII – Documentation and Reporting
This is a post-investigation phase that covers reporting and documenting all the findings. The report should also contain adequate and acceptable evidence in accordance with the court of law.
Phase IX – Testify as an Expert Witness
Forensic investigators should approach the expert witness to affirm the accuracy of evidence. An expert witness is a professional who investigates the crime to retrieve evidence.