Services: Evidence Collection
Goal
Complete, responsible, and transparent data collection and preservation as basis for a forensic analysis.
Initial Situation
The customer provides us with complete information about the incident, with all collected data, as well as with the objects that need to be examined.
Approach
- Preparation: Basic information is gathered about the incident, the affected components, and the data that are to be collected.
- Data back-up: The integrity of the data and the affected objects is guaranteed before, during, and after the data collection process (e.g. through back-ups or working only with a copy)
- Data collection: The data are extracted from the affected objects securely and transparently (e.g. constant logging, without invasive access).
Result
The customer is provided with a document which documents the data collection process as well as the collected data. In addition, the extracted data are provided on a storage medium.
Pros and Cons
A responsible and transparent collection of data and evidence is absolutely necessary for a effective forensic analysis (see Forensic Analysis). The successful collection of evidence and its preservation requires a certain amount of effort.
Reference Example
Evidence Collection Insider Trading: A private bank approached us because they had suspicions about insider trading by one of their employees. The confiscated devices – including his desktop PC (Windows Vista) and the fax machine he supposedly used – were examined. The evidence collection was to be used to confirm the suspicion and if applicable to facilitate legal action against the employee. Therefore, the evidence needed to be collected under stringent conditions so that it would remain valid in court.
