Field Guide To Electronic Evidence. Dockery & Associates. October,
1997. Web address: http://evidence.finder.com/dockery/
Abstract: This article provides a list of fraud indicators associated
with cases involving computers. These indicators include a missing hard
drive, no copies or backups, paper records do not match electronic records,
claimant is not anxious to have equipment repaired, and the time and date
stamps of files are post-fire event.
The article also provides a list of do's and don'ts when handling electronic
evidence. Do not examine the original media. A copy should be made to preserve
the date and time stamps of the original. The evidence should not be examined
on the claimants computer system to avoid additional claims that the investigator
ruined their system. When retrieving the evidence always assume there is
a virus and take precautionary measures. Never touch a claimants computer
without first obtaining a release. The investigator should make every effort
to preserve the original media. The current time and date stamps of the
equipment should be validated. The electronic evidence obtained should be
secured like all other forms of evidence and stored properly.
For more information visit:
http://evidence.finder.com/dockery/

|