PDAs, mobile phones, digital diaries, tablet PCs, laptops and, obviously, desktop computers are now an important part of our daily life. These digital instruments are also a sign of our professional lifestyle. In short, our daily work would be very difficult to perform without these devices, but they also create problems for us, such as the insecurity of our personal data. Hackers can exploit your data. You can become a victim of digital crime at any time, and your data is always at stake. This can be harmful for you and for your organization.
An organization usually suffers from digital crime when it fires an employee. The employee could copy critical data, delete data from your server or any other computer, or plant a logic bomb timed to destroy data after he or she has left the organization. Victims usually take no action against digital crime because they know little about digital crime investigation. People think that no one can catch these criminals or follow their trails, but this is a totally wrong approach.
A digital crime investigator can easily trace digital fingerprints if the crime scene is preserved. After the crime, we have to take care of the electronic evidence that the criminal left at the scene. It is very important to preserve the environment of the crime scene; otherwise we will lose the digital fingerprints and trails. These trails can guide us to the criminal, or identify the exact person who committed the crime.
Today we shall talk about how to preserve a crime scene after a crime, and how to collect electronic evidence and trails of digital fingerprints to start an investigation. When collecting evidence we have to take care of many things. You do not have to be an expert to collect evidence, but you do need to know the basics of computers, meaning how to use the internet, basic applications and the operating system. I want to share some of my experience with you; it will help you in future to protect yourself from a digital crime or to collect evidence from a crime scene.
So let us start by assuming a scene after a digital crime. A digital crime can be committed by an employee. Assume an employee has deleted your data from your server. In this situation we have to check many things: Who has access and rights on the server? Who is responsible for data backup? Is any backup available? If you have a backup, the situation is in your favor and you can restore your data from the backup. So back up your data daily.
Steps you have to follow to preserve a crime scene:
1. Preserve your crime scene; never remove any physical installations.
2. Disconnect your server or servers from the network.
3. Never remove or install any software on the server or any other PC.
4. Check and make a list of granted users and administrators.
5. Check who is responsible for your file server backup and how frequently the admin took backups.
6. Check the list of installed software and the antivirus update status. Data can also be removed or affected by a virus.
7. Try to get the exact time of the crime, if possible.
8. Check how many users were logged in to the server at that time.
9. Preserve and list all DVDs, CDs, floppy disks, flash disks or any other removable devices you find at the crime scene.
10. Never try to copy or delete anything from the affected disk, because this can make the process of data recovery difficult or impossible.
The exercise described above can greatly help a forensic expert to collect digital fingerprints and trails, and lead him to the digital criminal.
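An added example (not from the original article) for steps 7 and 8: given an estimated time of the crime and a copy of the server's logon records, list who was logged in around that time. The CSV layout, user names, addresses and the function names `sessions_at` and `users_at` are constructed for illustration, and the script is meant to run on the investigator's own machine against exported records, in line with steps 3 and 10.

```python
import csv
import io
from datetime import datetime, timedelta

# Constructed sample: session records exported from the server's logon audit
# trail into CSV (assumed layout: user, source host, login time, logout time).
# An empty logout means the session was still open when the export was taken.
SAMPLE_SESSIONS = """user,source,login,logout
alice,10.0.0.21,2024-03-04 08:55:00,2024-03-04 17:02:00
bob,10.0.0.34,2024-03-04 13:40:00,2024-03-04 14:25:00
backup_svc,localhost,2024-03-04 02:00:00,2024-03-04 02:45:00
carol,10.0.0.50,2024-03-04 14:20:00,
dave,10.0.0.61,2024-03-04 15:30:00,2024-03-04 16:00:00
"""

FMT = "%Y-%m-%d %H:%M:%S"


def sessions_at(csv_text, incident_time, margin_minutes=15):
    """Return sessions that overlap incident_time +/- margin_minutes.

    The margin covers uncertainty in the estimated time of the crime
    (step 7) and clock drift between machines.
    """
    incident = datetime.strptime(incident_time, FMT)
    start = incident - timedelta(minutes=margin_minutes)
    end = incident + timedelta(minutes=margin_minutes)
    hits = []
    for row in csv.DictReader(io.StringIO(csv_text)):
        login = datetime.strptime(row["login"], FMT)
        # A missing logout is treated as "still logged in", not as a bad row.
        logout = datetime.strptime(row["logout"], FMT) if row["logout"] else None
        if login <= end and (logout is None or logout >= start):
            hits.append((row["user"], row["source"], row["login"],
                         row["logout"] or "open"))
    return sorted(hits, key=lambda h: h[2])


def users_at(csv_text, incident_time, margin_minutes=15):
    """Just the user names, in login order, for the step 8 list."""
    return [h[0] for h in sessions_at(csv_text, incident_time, margin_minutes)]


if __name__ == "__main__":
    for user, source, login, logout in sessions_at(SAMPLE_SESSIONS,
                                                   "2024-03-04 14:10:00"):
        print(f"{user:12} {source:12} {login} -> {logout}")
```

Comparing this list with the list of granted users and administrators from step 4 shows which accounts with rights on the server were actually active around the time of the crime.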