Review the article titled “Electronic Crime Scene Investigation: An
On-the-Scene Reference for First Responders”, located here. Be prepared to discuss.
From the e-Activity, there are general principles that investigators must
follow when they respond to any crime scene in which computers and electronic
technology may be involved. Suggest at least two (2) general principles for
proper evidence preservation for stand-alone personal computers, networked home
personal computers, and network server business networks. Provide a rationale
for your response.
Discuss the major procedures that investigators must use in order to collect
network trace evidence of computer-related crimes. Next, speculate on the
primary concern of investigators as they execute the evidence-collection
procedures in question, and explain the main reasons why you believe such a
concern is valid. Justify your response.
please respond to the following statement:
One of the general principles for proper evidence preservation is to not
alter the state of the computer or network. Powering off the system or network
can result in data being lost or unsaved. In addition, moving a computer or
network that is powered on can cause the system to shut down or result in the
loss of information. Some offenders “rig” these systems so that if they are
touched or altered in any way, the entire system is wiped off and unable to be
traced. This can cause a delay in the investigation.
Another general principle in evidence preservation is to make sure there is a
legal authority to obtain the evidence. This can either be done by securing a
warrant or making sure that the evidence obtained is along the proper legal
guidelines if a warrant is not in possession (plain view, consent, etc.). If
evidence is obtained without the legal authority, federal laws may be violated
and the evidence can be thrown out in a court proceeding