April 2, 2008
With this week's installment, our series on cyberforensics gets to the fundamentals of forensics: how to collect digital evidence. In "Device Imaging and Analysis," Q-CERT's Mounir Kamal explains the basics of collecting evidence at a cybercrime scene. He discusses the pros and cons of physically collecting the hardware as opposed to merely collecting the information off the hardware. He elaborates on the importance of preserving evidence and the chain of custody, explains the use of specialized hardware and software for evidence collection, and talks about the special problems posed by devices such as cell phones and PDAs. Reading this may not turn you into a digital Sherlock Holmes, but it will get you started.