Collecting Evidence

Kävrestad, Joakim; Birath, Marcus; Clarke, Nathan

doi:10.1007/978-3-031-53649-6_8

Part of the book series: Texts in Computer Science ((TCS))

221 Accesses

Abstract

Digital forensics is all about examining digital evidence, and that implies that you need to collect the evidence before it can be examined. Every action that you carry out on a computer will leave traces, and that contradicts with the facts that evidence must be handled in a way that ensures that it is not altered. This chapter discusses the key points of securing digital evidence in a forensically sound manner. Doing that ensures that the examination can be conducted in a way that does not contaminate the evidence. The concept of using a write blocker to create a forensic copy of the evidence is also introduced. The reminder of the chapter provides an in-depth discussion on live investigations, examining computers that are running. A model that can be used to plan forensically sound live investigations is presented as well as the constraints that must be taken into consideration when working with live evidence.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution

Springer+ Basic

EUR 32.99 /Month

Get 10 units per month
Download Article/Chapter or Ebook
1 Unit = 1 Article or 1 Chapter
Cancel anytime

Subscribe now

Chapter: EUR 29.95; Price includes VAT (Germany)

eBook: EUR 67.40; Price includes VAT (Germany)

Hardcover Book: EUR 85.59; Price includes VAT (Germany)

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

References

Lazaridis I, Arampatzis T, Pouros S (2016) Evaluation of digital forensics tools on data recovery and analysis. In: The third international conference on computer science, computer engineering, and social media (CSCESM2016)
Google Scholar
Oxford Dictionaries (2017) Definition of evidence in English. Available online: https://en.oxforddictionaries.com/definition/evidence. Fetched 6 Jul 2017
Tobin P, Le-Khac NA, Kechadi MT (2016) A lightweight software write-blocker for virtual machine forensics. Sixth international conference on innovative computing technology (INTECH) 2016. IEEE, New Jersey, pp 730–735
Chapter Google Scholar

Download references

Author information

Authors and Affiliations

Jönkö** School of Engineering, Jönkö**, Sweden
Joakim Kävrestad
School of Informatics, University of Skövde, Skövde, Sweden
Marcus Birath
School of Engineering, Computing and Mathematics, University of Plymouth, Plymouth, UK
Nathan Clarke

Authors

Joakim Kävrestad
View author publications
You can also search for this author in PubMed Google Scholar
Marcus Birath
View author publications
You can also search for this author in PubMed Google Scholar
Nathan Clarke
View author publications
You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Joakim Kävrestad .

Rights and permissions

Reprints and permissions

Copyright information

About this chapter

Cite this chapter

Kävrestad, J., Birath, M., Clarke, N. (2024). Collecting Evidence. In: Fundamentals of Digital Forensics. Texts in Computer Science. Springer, Cham. https://doi.org/10.1007/978-3-031-53649-6_8

Download citation

DOI: https://doi.org/10.1007/978-3-031-53649-6_8
Published: 22 March 2024
Publisher Name: Springer, Cham
Print ISBN: 978-3-031-53648-9
Online ISBN: 978-3-031-53649-6
eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics