SECURING EVIDENCE CORRECTLY

Securing evidence correctly requires access to equipment and knowledge, but also standardized procedures. This is important in cases of corporate crime and other public crimes. In companies, senior management can cause severe damage and even drive the company out of business. Here it is important to play by the rules in order to get hold of hidden assets and filter out falsified evidence.

IS IT POSSIBLE TO MAKE EVIDENCE USELESS AT COURT?

When evidence is not collected and analyzed by the book, a court may regard it as proven that the chain of custody is no longer valid and may dismiss the evidence as worthless.

Some companies and entrepreneurs think they can fool the justice departments by creating falsified evidence. Some even want to save a lot of money and start running a “quick and dirty” backup activity. This eventually results in a long list of legal violations. Data privacy laws and even communication laws may be violated, too.

IMPORTANT STEPS TO PROTECT THE CHAIN OF CUSTODY

When securing evidence from mobile devices, our forensic experts and clients should follow these recommendations:

  • The devices (mobile phone, smartphone, dictaphone, USB stick, …) containing evidence should no longer be used and should not be within reach of the accused person.
  • When a smartphone is still switched on, it is best to activate “Flight mode” (Flugmodus). This reduces the risk of outside influence from Wi-Fi, GSM, Bluetooth and other interfaces. If the phone is not switched on, do not power it up just to activate flight mode. To check the situation, just press the home button or power button once.
  • Secured phones are to be kept inside the Faraday bag.
  • Ideally, all PINs and access codes (e.g. iTunes backup passwords) are available.
  • Look for the original documentation the GSM provider shipped with the phone, as it often contains the PIN and PUK.

Depending on the current use of the device (home or business usage), it can be necessary to check further parameters:

  • Is the device connected to a Mobile Device Management (MDM) system? MDM systems can be used to remotely wipe devices containing evidence!
  • Visual check: what is the current state (damage, charge level, accessories)? The charging cable is not vital but can help if a device has a special power connector (e.g. tablets or notebooks).
  • If possible, it is recommended to collect technical information on the device itself (serial number, IMEI number, operating system, memory capacity, PIN code, PUK).
  • Serial numbers of SIM cards.
  • The IMEI number of the device.
  • Was the device synchronized with a computer? Then also collect that computer for analysis.
  • Are there any backups of particular mobile devices (smartphone, PDA, GPS, …) on a computer?
  • Are there any case relevant files stored on external hard drives or memory cards?
  • Have cloud services (e.g. Dropbox, Facebook, SkyDrive, iCloud) been used by the device or user?
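
The two checklists above can be captured as a structured intake record. The following is an added example, not part of the original page or of any particular forensic tool: it checks that the recorded IMEI has a valid check digit (catching transcription errors) and keeps a hash-chained custody log so that later edits to an entry are detectable. The field names, the sample values and the hash-chaining approach are assumptions made for this example.

```python
import hashlib
import json

# Constructed sample intake record; field names are assumptions for this example.
SAMPLE = {"serial_number": "SN-EXAMPLE-001", "imei": "490154203237518",
          "operating_system": "example OS", "flight_mode": True,
          "in_faraday_bag": True, "mdm_enrolled": False}
REQUIRED = tuple(SAMPLE)

def luhn_ok(digits: str) -> bool:
    """Luhn check digit test, as used by 15-digit IMEIs."""
    if not digits.isdigit():
        return False
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch) * 2 if i % 2 else int(ch)  # double every second digit from the right
        total += d - 9 if d > 9 else d
    return total % 10 == 0

def intake_problems(record: dict) -> list:
    """List checklist fields that are missing or fail validation."""
    problems = ["missing: " + f for f in REQUIRED if record.get(f) in (None, "")]
    imei = str(record.get("imei") or "")
    if imei and not (len(imei) == 15 and luhn_ok(imei)):
        problems.append("imei: wrong length or check digit")
    return problems

def _digest(body: dict) -> str:
    return hashlib.sha256(json.dumps(body, sort_keys=True).encode()).hexdigest()

def append_entry(log: list, when: str, actor: str, action: str, record: dict) -> dict:
    """Append a custody entry whose hash also covers the previous entry's hash."""
    body = {"when": when, "actor": actor, "action": action, "record": dict(record),
            "prev_hash": log[-1]["entry_hash"] if log else "0" * 64}
    entry = dict(body, entry_hash=_digest(body))
    log.append(entry)
    return entry

def verify_log(log: list) -> bool:
    """Recompute every hash; an entry edited after the fact breaks the chain."""
    prev = "0" * 64
    for entry in log:
        body = {k: v for k, v in entry.items() if k != "entry_hash"}
        if entry["prev_hash"] != prev or entry["entry_hash"] != _digest(body):
            return False
        prev = entry["entry_hash"]
    return True
```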

The following are important recommendations for our clients should they be confronted with corporate crime:

  • Never conduct your own in-house examinations on devices, as data may be lost or its integrity degraded.
  • Never allow a computer service provider to restore emails without the necessary consultations. You can violate employment laws and data privacy laws. You might be sued for good reason.
  • Never conduct a full examination of all employees without the necessary reason and selection. It is illegal to declare all employees as violators.
  • Remember to follow good compliance standards.
