CRACKING THE CODE: 4 PRINCIPLES OF DIGITAL EVIDENCE

PRINCIPLE 1: DON’T TOUCH THE DATA!

Who goes to a crime scene and moves things around? RIGHT, no one. Not a smart idea. This also applies to digital evidence. No changes, no edits, and ESPECIALLY no “accidental” deletes. Use forensic tools to keep data exactly how you found it.

PRINCIPLE 2: IF YOU MUST TOUCH IT, KNOW WHAT YOU’RE DOING

At some point you may have to access original data. If you get to that point, you better have a GOOD memory, and you need to know your stuff! You should be able to explain what you did and why, in every little detail. Otherwise, forget winning that court case.

PRINCIPLE 3: KEEP RECEIPTS (AUDIT EVERYTHING)

This links in with principle 2: every click, command, and copy must be documented. If another forensic expert can’t follow your steps and get the same results, your evidence may be… dodgy.
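Here is what Principles 1 and 3 can look like in practice, as an added example that is not from the original post: hash the original read-only, work on a verified copy, and write every step to a log another examiner can check. The file names, the examiner ID and the hash-chained log format are assumptions made for this sketch.

```python
import hashlib, json, pathlib, shutil, tempfile
from datetime import datetime, timezone

def sha256_file(path):
    """Hash a file opened read-only, so the evidence is never written to."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(1 << 20), b""):
            h.update(block)
    return h.hexdigest()

def entry_digest(body):
    return hashlib.sha256(json.dumps(body, sort_keys=True).encode()).hexdigest()

def record(log, examiner, action, detail):
    """Append an entry whose hash also covers the previous entry's hash."""
    prev = log[-1]["entry_hash"] if log else "0" * 64
    body = {"time": datetime.now(timezone.utc).isoformat(), "examiner": examiner,
            "action": action, "detail": detail, "prev_hash": prev}
    body["entry_hash"] = entry_digest(body)
    log.append(body)

def verify_log(log):
    """Recompute the chain; any edited or reordered entry breaks it."""
    prev = "0" * 64
    for e in log:
        body = {k: v for k, v in e.items() if k != "entry_hash"}
        if e["prev_hash"] != prev or entry_digest(body) != e["entry_hash"]:
            return False
        prev = e["entry_hash"]
    return True

def acquire(source, copy_path, examiner, log):
    """Hash the original, copy it, hash the copy, re-hash the original."""
    original = sha256_file(source)
    record(log, examiner, "hash_original", {"path": str(source), "sha256": original})
    shutil.copyfile(source, copy_path)
    copied = sha256_file(copy_path)
    record(log, examiner, "verify_copy", {"path": str(copy_path), "sha256": copied})
    return original, copied, sha256_file(source)

def demo():
    with tempfile.TemporaryDirectory() as d:
        src, cpy = (pathlib.Path(d, n) for n in ("evidence.img", "working.img"))
        src.write_bytes(b"constructed sample evidence bytes")  # constructed input
        log = []
        hashes, intact = acquire(src, cpy, "examiner-01", log), verify_log(log)
        log[0]["detail"]["sha256"] = "0" * 64  # simulate someone editing the log
        return hashes, intact, verify_log(log)
```

The chain does not notice entries dropped from the end, so write the final `entry_hash` into the case notes as well.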

PRINCIPLE 4: THE INVESTIGATOR IS THE BOSS 🙂

Whoever leads the case is responsible for making sure everything follows the law and these principles. NO shortcuts, NO sloppiness. If evidence gets thrown out, they get the blame.

Without these principles, digital evidence wouldn’t hold up in court, and criminals would walk free… boooo!!! Whether it’s recovering deleted files or tracing cybercriminals, forensic integrity is everything.
