Consider a homicide case in which the victim's computer is seized.
Ways to compromise evidence on the computer after collection include:
turn the computer on and operate it in normal user mode;
view files;
connect to the internet;
use the victim's credentials to view the victim's emails in a desktop email client program.
What is being compromised? A LOT!
Once the computer is powered on, system data is altered instantly,
potentially destroying useful date/time stamp information on critical evidence files.
Connecting to the victim's internet account alters the ISP's server log records
(the same goes for the email server logs).
All of the above makes it impossible for investigators to prove who had accessed files, websites, and emails after the victim's death.
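The timestamp problem described above can be checked mechanically. The following is an added example, not part of the original page: it lists files whose access or modification time postdates a cutoff such as the time of seizure. The function names, file names and the cutoff date are constructed for illustration.

```python
import os
import tempfile
from datetime import datetime, timezone

def touched_after(root, cutoff):
    """Map each file under root to the timestamps that postdate cutoff.

    Uses os.stat only: reading file contents could itself update atime.
    ctime is left out because it cannot be set on the constructed demo files.
    """
    limit = cutoff.timestamp()
    findings = {}
    for dirpath, _dirs, names in os.walk(root):
        for name in sorted(names):
            path = os.path.join(dirpath, name)
            st = os.stat(path, follow_symlinks=False)
            late = [label for label, value in
                    (("accessed", st.st_atime), ("modified", st.st_mtime))
                    if value > limit]
            if late:
                findings[os.path.relpath(path, root)] = late
    return findings

def demo():
    """Build a constructed evidence directory and check it against a cutoff."""
    seized = datetime(2020, 3, 1, 12, 0, tzinfo=timezone.utc)  # constructed cutoff
    before = seized.timestamp() - 86400   # one day before seizure
    after = seized.timestamp() + 3600     # one hour after seizure
    with tempfile.TemporaryDirectory() as root:
        for name, atime, mtime in (
            ("untouched.txt", before, before),
            ("viewed.txt", after, before),   # opened after seizure
            ("edited.txt", after, after),    # saved after seizure
        ):
            path = os.path.join(root, name)
            with open(path, "w") as fh:
                fh.write("constructed sample\n")
            os.utime(path, (atime, mtime))   # (atime, mtime) in seconds
        return touched_after(root, seized)

if __name__ == "__main__":
    for name, late in demo().items():
        print(name, late)
```

Run a check like this against a working copy mounted read-only, never against the original media, so the check itself does not change the timestamps it reports.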