In simple terms, computer or digital forensic evidence analysis is the scientific collection of data that is either retrieved or held by a computer storage device that can be used against a criminal in a court of law. For the information to be used in court it should be collected before it is presentation; therefore, there are a number of recommendations proposed to make sure that information collected meets the intended integrity.
Information collected digitally from computers or media storage applications has protocols that need be followed during the process. The order of collecting digital information mostly determines the life expectancy of information collected (Eoghan, 2004, p. 74). There is a need to change information collection procedures since there are changes in the field of computing. In this regard, all information collected is at times determined by the type of tools and instruments supplied by the suppliers. Investigative agencies should be keen to ensure that they hire services of competent suppliers who are updated with present technology and supplies their instruments at an attractive price (Eoghan, 2004, p. 74).
Suppliers and collecting agencies should understand that present technology has removable storage devices where information can be stored and cannot be retrieved in the hard disks (Eoghan & Gerasimos, 2008, p. 93). There are also malwares that can be stored in the RAM and cannot be traced in the hard drives meaning that instruments and the strategies for collecting information should be fashioned in a way that can out do the tricks of data storage and theft (Eoghan & Gerasimos, 2008, p. 93). From experience, while dealing with computers it is possible to crack the trick that is generated using computers by hackers. Some of the malware prevention programs are generated after hackers develop a new trick in cyber crime or computer crime. In addition some of the programs generating organizations have installed programs that can be used by the investigative agency.
Some of the most important procedures used in collection of information to be used in a court of law include collecting live data from the RAMs images. Such live recovery of information can be collected from the F-Response which can collect data from the networks of a computer. Information can be collected when the computer is logged on or connected to the network or when the computer is executing (Carrier, 2006, p. 56). The other...