Preservation of Fragile Digital Evidence by First Responders
J. Kornblum
Proceedings of the Digital Forensic Workshop
2002
The nature of computer-based evidence makes it inherently fragile. Data can be erased or changed without a trace, impeding an investigator's job to find the truth. The efforts of first responders are critical to ensure that the evidence is gathered and preserved in a simple, secure, and forensically sound manner. This paper describes the challenges first responders face and some strategies for dealing with them. As an example, the paper also details a sample tool for first responders to incidents on Windows-based computers.