Computer Forensics Best Practices

Forensic examiners adhere to specific standards and rules for conducting examinations that are designed to insure that the original evidence is not altered while in their custody, and to insure that their evidence is later admissible in court. Most best practices and policies are written with those goals in mind. The following are samples of best practices observed by most examiners during the course of their examinations.

Featured Schools:

Purdue GlobalBachelor of Science in Cybersecurity
SNHUBS Cybersecurity
Grand Canyon UniversityB.S. in Cybersecurity
Arizona State UniversityGlobal Security (Cybersecurity), MA

Whenever possible, do not examine the original media. Write protect the original, copy it, and examine only the copy.

  • Use write blocking technology to preserve the original while it is being copied.
  • Computer forensic examiners must meet minimum proficiency standards.
  • Examination results should be reviewed by a supervisor and peer reviewed on a regular schedule.
  • All hardware and software should be tested to insure they produce accurate and reliable results.
  • Forensic examiners must observe the highest ethical standards.
  • Forensic examiners must remain objective at all times.
  • Forensic examiners must strictly observe all legal restrictions on their examinations.

Pin It on Pinterest

Share This