Abstract
Digital forensics is all about examining digital evidence, and that implies that you need to collect the evidence before it can be examined. Every action that you carry out on a computer will leave traces, and that contradicts with the facts that evidence must be handled in a way that ensures that it is not altered. This chapter discusses the key points of securing digital evidence in a forensically sound manner. Doing that ensures that the examination can be conducted in a way that does not contaminate the evidence. The concept of using a write blocker to create a forensic copy of the evidence is also introduced. The reminder of the chapter provides an in-depth discussion on live investigations, examining computers that are running. A model that can be used to plan forensically sound live investigations is presented as well as the constraints that must be taken into consideration when working with live evidence.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
References
Lazaridis I, Arampatzis T, Pouros S (2016) Evaluation of digital forensics tools on data recovery and analysis. In: The third international conference on computer science, computer engineering, and social media (CSCESM2016)
Oxford Dictionaries (2017) Definition of evidence in English. Available online: https://en.oxforddictionaries.com/definition/evidence. Fetched 6 Jul 2017
Tobin P, Le-Khac NA, Kechadi MT (2016) A lightweight software write-blocker for virtual machine forensics. Sixth international conference on innovative computing technology (INTECH) 2016. IEEE, New Jersey, pp 730–735
Author information
Authors and Affiliations
Corresponding author
Rights and permissions
Copyright information
© 2024 The Author(s), under exclusive license to Springer Nature Switzerland AG
About this chapter
Cite this chapter
Kävrestad, J., Birath, M., Clarke, N. (2024). Collecting Evidence. In: Fundamentals of Digital Forensics. Texts in Computer Science. Springer, Cham. https://doi.org/10.1007/978-3-031-53649-6_8
Download citation
DOI: https://doi.org/10.1007/978-3-031-53649-6_8
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-031-53648-9
Online ISBN: 978-3-031-53649-6
eBook Packages: Computer ScienceComputer Science (R0)