 |
 |
 |
 |
 |
 |
 |
 |
 |
 |
 |
 |
 |
 |
 |
 |
 |
 |
 |
|
Tel: 01483 200999
|
|
||||||||||||||||||||
| PRIVATE DETECTIVES Tel: 01483 200999 |
|
 |
IT FORENSICS - 4 EVIDENCE Tel: 0800 980 4 267 |
COMPUTER FORENSICS Introduction | PC's and Laptops | Evidence | Action on Scene |
 |
Preserving Evidence is the first priority, therefore there are steps to be taken which may prove vital later on. Something not to be forgotten is that those first on a scene should take steps to ensure the safety of all persons and of course to ensure the integrity of evidence. All activities should adhere to your company's organisational policy and the law. Ideally, of course, a locus will be left alone until qualified personnel are available. If you can, visually identify potential evidence whether physical or electronic and evaluate whether any is fragile. |
 |
Try not to touch! If at all possible don't move anything; leave equipment on that is switched on and equipment off that is switched off. It is a good idea to take some digital photographs of where equipment lies which can match the photographs we take, demonstrating that equipment has not been altered in any way - possibly important in an evidential process later on. Disconnect telephone lines, but from the wall rather than the machine. |
 |
Fingerprints may be on peripherals such as the computer mouse or CD's. We have an in-house fingerprinting department that works in conjunction with IT forensics. A scene examination may be appropriate, for example in demonstrating that a particular person has used the machine through lifting of prints from a mouse on-scene. Chemicals used in the processing of prints may damage equipment or date therefore the manner in which equipment is handled is important. |
 |
Documentation and Chronology - Maintaining a chain of evidence and documenting activity is an ongoing process starting with recording the location and condition of all units, whether subsequently forensically examined or not. Simple issues may have relevance - such as a mouse being on the left hand side rather than right, indicating a left handed user. The condition of the CPU, disturbance of dust and whether it is on or off, or on and warm, are all recorded. We will take locus photographs of the front of the machine, screen, environment and other processes. |
 |
Other evidence - Any other potentially relevant evidence should be collected and documented, e.g. written desk notes, pads which may be indented etc. A coffee mug, for example, may carry the same fingerprints as a mouse or CD. |
| |
|
|
 |
 |
 |
 |
|
 |
|
 |
 |
 sites for specialist and localised service: |
 |
For enquiries in the city visit www.londoncityeye.co.uk |
 |
For enquiries in Dorset visit www.pidorset.co.uk |
 |
For enquiries in Berkshire visit www.berkshireeye.co.uk |
 |
For enquiries in Hampshire visit www.solenteye.co.uk |
 |
Think 21! Specialist licensed trade support site at www.think21.co.uk |
 |
Challenge 21! ID checking for the licensed trade - www.challenge21.co.uk |  |
Teenage Detectives on their own website at www.teendetective.co.uk |
|
Franchise site at www.answersinvestigation.co.uk |
 |
Website for the LGBT community at www.pinkdetective.co.uk |  |
For enquiries in Hertfordshire visit www.watfordeye.co.uk |
| "searching the world for answers......" |
 0800 980 4 267 |
|
|
