Transporting samples to the laboratory
Samples must be transported carefully, given their fragility. Precautions are needed to protect them against physical shock, humidity, heat and, especially, the influence of electromagnetic waves. On this last point, equipment should not be placed near sources of electromagnetic radiation such as fax machines, copiers, radios or cell phones. It is advisable to use special tools to measure the electromagnetic field in the place where the samples are stored.
Analysis of samples
Once brought into the lab, the components must be assembled to reconstruct the original system. For this purpose, investigators use the photographs or video recordings made before the evidence was collected, which document the original connections, together with information obtained from witnesses about how the computer system was used.
The first step in analyzing electronic samples is to ensure their veracity. To prove the veracity of the evidence, it must be packaged and sealed in the specified manner.
The first step in protecting information systems against data modification must be taken during the search itself, by write-protecting the physical storage media.
It is recommended that forensic analysis of the contents of a disk be done on a facsimile of the original disk, made in the lab with software and devices. The process involves copying not only all the files on the disk but the entire contents of the disk, sector by sector, including temporary files, swap files, deleted files, and even information located on damaged portions of the disk. A copy of this kind is made with special programs. It is recommended to create two copies: one on which the actual analysis is carried out, the other as a backup.
Copying must be done by a reliable process. To be reliable, copying must:
- allow verification by third parties; the court or the opposing party must be able to verify the accuracy of the copy made.
- produce safe copies that cannot be forged.
It is recommended that the entire copying process be recorded in detail, indicating the equipment, software and storage media used.
Samples are safeguarded by first copying the contents of the original systems and then conducting the forensic investigation on the copy, which has the same characteristics as the original.
As an additional security measure, the content of a storage medium (hard disk, floppy disk, optical media, etc.) can be mathematically authenticated. This is achieved by mathematical processing of an image of the storage medium, i.e. an image that can serve as a reference if integrity is challenged. Authentication is achieved by means of special software, which provides a high degree of certainty, on the order of 1 to several million.
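The copying and mathematical authentication steps described above, as an added example that is not part of the original text: Python code that makes the two recommended copies, hashes the source while reading it, and re-reads each copy so that a third party can repeat the check. SHA-256, the 64 KiB read size, the record fields and the file names are assumptions, and a constructed temporary file stands in for the write-protected original disk.

```python
import hashlib
import os
import tempfile
from contextlib import ExitStack

BLOCK = 64 * 1024  # read size (assumed); any multiple of the sector size works


def sha256_of(path):
    """Stream a file or device node through SHA-256."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(BLOCK), b""):
            digest.update(block)
    return digest.hexdigest()


def image_and_verify(source, copies):
    """Copy every byte of source to each path in copies, then re-read and compare."""
    digest, total = hashlib.sha256(), 0
    with ExitStack() as stack:
        src = stack.enter_context(open(source, "rb"))  # original is only ever read
        outs = [stack.enter_context(open(p, "wb")) for p in copies]
        for block in iter(lambda: src.read(BLOCK), b""):
            digest.update(block)
            total += len(block)
            for out in outs:
                out.write(block)
    record = {"source": source, "bytes": total, "source_sha256": digest.hexdigest(),
              "copies": {p: sha256_of(p) for p in copies}}
    record["verified"] = all(h == record["source_sha256"] for h in record["copies"].values())
    return record


def demo():
    """Constructed sample: a temp file stands in for the write-protected original."""
    work = tempfile.mkdtemp()
    names = ("original.img", "analysis.img", "backup.img")  # hypothetical file names
    original, *copies = (os.path.join(work, n) for n in names)
    with open(original, "wb") as fh:
        fh.write(b"\xAA" * (3 * BLOCK + 512))  # deliberately not block-aligned
    record = image_and_verify(original, copies)
    with open(copies[0], "r+b") as fh:  # simulate a later one-byte change
        fh.seek(100)
        fh.write(b"\x55")
    return record, sha256_of(copies[0]) == record["source_sha256"]


if __name__ == "__main__":
    print(demo())
```

The returned record is what would go into the written log of the copying process; recomputing the digest of the working copy later shows whether it still matches the reference.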