Evidence Handling: Do it the Right Way

There are lots of different ways to collect digital evidence for computer forensics and incident response investigations. There is only one way to make sure that that digital evidence later holds up to judicial, legislative or regulatory oversight. That is done through documenting and handling the evidence properly. Atlantic Data Forensics handles digital evidence for hundreds of civil, criminal and court martial cases every year. In "Evidence Handling: Do it the Right Way," you’ll learn how to properly handle evidence from court tested, forensics experts who do it every day.The course will also discuss the often misunderstood process of establishing an evidence chain-of-custody. Lastly, you’ll learn about common traps and pitfalls associated with digital evidence handling.

Prerequisites

• Planning to collect data for Evidence
• In a position where it might become necessary to collect digital evidence

Study Resources

• Federal Rules of Evidence: https://www.law.cornell.edu/rules/fre
• Searching and Seizing Computers and Obtaining Electronic Evidence in Criminal Investigations: https://www.justice.gov/sites/default/files/criminal-ccips/legacy/2015/01/14/ssmanual2009.pdf

Course Goals

By the end of this course, students will have learned:

• Why it is a good idea to treat everything like evidence
• What constitutes evidence in the US court system
• The “Best Evidence Rule”
• How to properly secure and store evidence
• Chain-Of-Custody
• How to properly secure and store evidence
• Common evidence problems

• Module 1: Introduction
• 1.1 Introduction
• Module 2: Evidence Handling
• 2.1 Computer Evidence and Authentication
• 2.2 Best Evidence Rule
• 2.3 Documenting the Evidence
• 2.4 What to Document
• 2.5 Chain-Of-Custody
• 2.6 Storing and Securing the Evidence
• 2.7 Common Evidence Problems
• Module 3: Conclusion
• 3.1 Course Summary