Digital forensics play an increasingly significant role in civil litigation. Your actions, or even non-actions, can affect the integrity and admissibility of digital evidence. This article should help you properly preserve your digital evidence.
What To Do
- Contact a trusted partner in digital forensics, like DiscoverReady, to help you with early case planning and data collection. DiscoverReady Forensic Advisors can help with data mapping and collection logistics.
- Preserve relevant data assets such as Computers, Flash Drive, Server data, Phones and email as soon as possible. Data assets that are reused or not properly preserved may result in data spoliation.
- Use a Chain of Custody (CoC) form to document each data asset (Computer, Phone, etc.) memorializing every person who has come into contact with the device before providing it to a trusted digital forensic expert. Please ask your DiscoverReady contact or email firstname.lastname@example.org to obtain a CoC form template.
- Hold a scoping call with your trusted digital forensic partner while the relevant information is still fresh in your memory. They will ask questions and memorialize pertinent information relevant to a matter including names, dates and data types.
- Departed employees’ data assets may be subject to scrutiny, therefore, secure them and recording their serial numbers and other information. You may not have an immediate need to forensically collect their data but often a collection costs as much as storing the device in an IT closet.
- There are painless and easy ways to preserve ESI data. When in doubt as to the value of the data in hand, preserve and collect it, so it is there as an “insurance policy” if you need it.
What Not To Do
- The most common type of evidence spoliation happens when a computer is turned on “to take a look around.” Simply turning on a computer or transferring files may thwart the efforts of an investigation due to the number of changes caused after the employee has turned in his devices. Computers should remain off and phones placed in Airplane mode and removed from WIFI.
- If malfeasance is suspected, always enlist the support of a trusted digital forensic partner. Although your IT department has technical training, they are not skilled in performing investigations and may inadvertently cause damage to valuable artifacts used during an investigation.
- Remove computers or phones which require investigation from any internet or network system. Phone and computers may be erased or connected to by unauthorized people very easily if they remain connected.
- There is often a business need to gain access to the files or emails on a departed employees’ computer. It is critical that the computer or other data asset be preserved properly before any access should take place.
- Do not use your IT department to collect your data unless they have the process, procedures and certified forensic examiners to perform those tasks. Data may be mishandled resulting in irreversible and damaging effects.
Trusted to Handle the Sensitive Data Around the world
DiscoverReady regularly collects data from around the world for global clientele including clients in financial services, technology, retail, pharmaceutical, and energy industries. Clients describe our data systems and processes as among the most secure and trusted in the field. We also work closely with counsel to comply with applicable data laws, regulations, and recognized best standards to ensure data security, proper evidence handling and protection of personal information.
Please ask your DiscoverReady contact or email email@example.com for more information.