In simple terms, computer or digital forensic evidence analysis is the scientific collection of data that is either retrieved or held by a computer storage device that can be used against a criminal in a court of law. For the information to be used in court, it should be collected before it is presented. Therefore, there are a number of recommendations proposed to make sure that information collected meets the intended integrity.
Information collected digitally from computers or media storage applications has protocols that need to be followed during the process. The order of collecting digital information mostly determines the life expectancy of the information collected (Casey, 2004, p. 74). There is need to change information collection procedures since there are changes in the field of computing. In this regard, all information collected is at times determined by the type of tools and instruments supplied. Investigative agencies should be keen to ensure they hire services of competent suppliers who are updated in terms of present technology and who can supply their instruments at an attractive price (Casey, 2004, p. 74).
Suppliers and collecting agencies should understand that present technology has removable storage devices where information can be stored and cannot be retrieved in the hard disks (Casey & Stellatos, 2008, p. 93). There are also malwares that can be stored in the RAM and cannot be traced in the hard drives, meaning that instruments and strategies for collecting information should be made in a way that can outdo the tricks of data storage and theft (Casey & Stellatos, 2008, p. 93). While dealing with computers, it is possible to crack the tricks generated by hackers using computers. Some of the malware prevention programs are generated after a hacker comes up with a new trick in cyber crime or computer crime. In addition, some of the organizations who generate programs have installed some that can be used by investigative agencies.
Some of the most important procedures used in collection of information that can be used in a court of law include collecting live data from the RAM’s images. Such live recovery of information can be collected...