Securing the Scene
The objective of this study is to develop a plan to approach and secure an incident scene and to discuss the initial steps of an investigation. It explains the importance of creating an order of volatility by identifying the potential evidence that is most volatile, and explains how that evidence would be extracted. The study also identifies the high-level steps performed in collecting and analyzing the evidence, including the required steps and what should be avoided in order to maintain the admissibility of the evidence.
I. Securing the Scene
Securing the scene of a computer crime investigation requires that all electronic devices be secured, including personal and portable devices, and that no unauthorized person has access to any electronic device found at the scene of the crime. The investigator should refuse anyone who offers to assist with anything technical in nature and should remove all individuals from the crime scene where evidence is being collected.
The condition of any electronic device located at the crime scene should not be altered, and any electronic device that is off should not be turned on. Latent evidence may be found on computer components, and these should be preserved. If the computer is switched on, or if the investigator is not sure whether it is, they should listen for the sound of running fans or spinning drives, or look to see whether any lights are on. The investigator should also check for signs of remote access and for signs of any active communication, which includes webcams.
II. Documenting the Scene
The scene should be documented through the use of video or photography and sketching, which assist in recreating the details of the scene. Any activity and processes on computer display screens should be documented as well. Scene documentation should include: (1) the entire location; (2) the type, location and position of computers; (3) computer components and peripheral equipment; and (4) other electronic devices. It is necessary to record any network and wireless access points that may be present and that are capable of linking computers and other devices to one another and to the Internet. Evidence of network and wireless access may indicate that there is more evidence than just what is at the scene of the crime.
The investigator should record all serial numbers, but only after all the computer devices have been shut down, as these devices and computers should not be moved until they are shut off. The first responder must have the proper authority, which includes: (1) plain view observation; (2) consent; or (3) a court order to search and to collect evidence at the scene of the crime. It is important that digital evidence be handled carefully and that any digital evidence requiring special handling or packaging be given the proper care.