Digital Evidence Preservation

As the realm of technology and digital forensics constantly expands, there is a need for you and your clients to become familiar with ways that contribute to the preservation of digital evidence. The fundamental importance of digital preservation is clear, as more lawyers and clients need to present evidence related to technological devices. For this reason, LMG Security wants to highlight the necessity of following a series of steps in the preservation of digital evidence, as even a small, inattentive move could lead to the loss of evidence and the break of a case.

For example, a local lawyer once was brought a phone to be analyzed for one of his clients. At that point in time, the phone had been OFF for several years. Instinctively, the lawyer thought that looking at the data on that …show more content…
The phone should have been brought to forensic experts as soon as possible. They could have collected the phone, stored it in a safe faraday cage (which prevents signals from reaching the phone) and proceeded to collect a forensic image of the data in the device.

So then, what are those critical steps that need to be taken to prevent loss of data before bringing to the forensics experts? In following the next steps, act as quickly as you can and call a trained digital forensic specialist immediately. Time is highly important in digital evidence preservation:

- As a general rule, make sure you do not turn ON a device if it is turned OFF. For computers, make sure you do not change the current status of the device at all. If the device is OFF, it must be kept OFF. If the device is ON, call a forensics expert before turning it off or doing anything.

- If it is not charged, do not charge it; for mobile phones, if the device is ON, power it down to prevent remote wiping on data being overwritten.

- Ensure that you do not leave the device in an open area or other unsecured space. Document where the device is, who has access, and when it is