I have been trying to search for one but I just can't find it.
I even looked into the DOJ web site but I really can't find any procedure on hard disk collection. My Legal department is bugging me to have my procedure align to some Fed standards.
Hi Francis87,
As you are probably aware there are many varying methods and company specific hardware\software for acquiring data from Hard Drives or any media for that matter. As long as the method used can verify that the original data was not altered in any way then who is to say which method is the best or set as a standard.
If your organisation is concerned about any legal comeback then I would suggest using proprietary hardware that the manufacturer will support in any contest that it is reliable.
If your question is more specific to the organisation's Policies and Procedures then there are many open source references. Many seem to be based on the UK ACPO guidelines.
Cheers Dave
Hard drive collection and preservation are a very important and critical component to the requirements that your legal department is requesting. Just be aware that there are many tools to capture hard drive evidence in a forensically sound manner but the most difficult and time consuming piece is understanding the chain of custody process and verifying that the process used to collect, move and store that data is sound.
Let us know if there are any specific things you have questions about.
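Added example, not part of any post in this thread: one way to back the two points made above (showing the acquired data was not altered, and that each collect, move and store step is recorded) is to re-hash the image at every hand-off and keep the records in a log where each entry commits to the previous one. The file name, handler names and the hash-chained log layout are assumptions made for illustration, not taken from any standard mentioned here.

```python
import hashlib, json, os, tempfile
from datetime import datetime, timezone
from pathlib import Path

def sha256_file(path, chunk=1 << 20):
    """Stream a file (or raw device node) through SHA-256 without loading it whole."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()

def custody_entry(log, action, handler, image_path):
    """Append one custody record; each record commits to the one before it."""
    prev = log[-1]["entry_hash"] if log else "0" * 64
    rec = {"time": datetime.now(timezone.utc).isoformat(), "action": action,
           "handler": handler, "image_sha256": sha256_file(image_path),
           "prev_entry_hash": prev}
    rec["entry_hash"] = hashlib.sha256(json.dumps(rec, sort_keys=True).encode()).hexdigest()
    log.append(rec)
    return rec

def verify_log(log):
    """Return (ok, reason); fails if a record was edited or the image hash changed."""
    prev = "0" * 64
    for i, rec in enumerate(log):
        body = {k: v for k, v in rec.items() if k != "entry_hash"}
        if rec["prev_entry_hash"] != prev:
            return False, f"entry {i}: broken link"
        if hashlib.sha256(json.dumps(body, sort_keys=True).encode()).hexdigest() != rec["entry_hash"]:
            return False, f"entry {i}: record altered"
        if rec["image_sha256"] != log[0]["image_sha256"]:
            return False, f"entry {i}: image hash differs from acquisition"
        prev = rec["entry_hash"]
    return True, "ok"

def demo():
    """Constructed sample: a 4 KiB stand-in for a disk image, then one changed byte."""
    with tempfile.TemporaryDirectory() as d:
        img = os.path.join(d, "evidence.dd")  # hypothetical image name
        Path(img).write_bytes(bytes(range(256)) * 16)
        log = []
        custody_entry(log, "collect", "examiner A", img)
        custody_entry(log, "move", "courier B", img)
        clean = verify_log(log)
        with open(img, "r+b") as f:  # simulate alteration before storage
            f.write(b"\xff")
        custody_entry(log, "store", "evidence clerk C", img)
        return clean, verify_log(log)
```

The acquisition hash in the first entry is the reference value; any later entry whose image hash differs pinpoints the hand-off at which the data changed.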
At the moment, I am writing a procedure on collecting evidence, primarily hard disk. I agree with dksniper and gtorgersen (I thank them for their posts).
I guess I just had to talk to the Legal adviser that as long as my collecting of evidence procedure sounds good, even without reference to a DOJ document, it still can hold weightage.