Page 1

First Responder Procedures Akbar Raspati Iskandar


Introduction to First Responder Procedures

First responder adalah orang yang pertama kali sampai ditempat kejadian perkara dan bisa mengakses system korban.

apabila kejahatannya menyerang server perusahaan, diharapakan segera menghubungi investigator. Mereka akan mengirim orang untung menjaga barang bukti dari tempat kejadian perkara. first responder harus memiliki basic pengetahuan computer forensik investigation. Mereka harus mengetahui hukum agar barang bukti untuk persidangan semakin kuat


Role of the First Responder o

Identifying the crime scene

o

Protecting the crime scene

o

Preserving temporary and fragile evidence

o

Collecting all information about the incident

o

Documenting all findings

o

Packaging and transporting the electronic evidence


First Response Basics 

Under no circumstances should anyone except qualified forensic analysts make any attempts to collect

or recover data from any computer system or device that holds electronic information.

Any information present inside the collected electronic devices is potential evidence and should be

treated accordingly.

Any attempts to recover data by untrained persons could either compromise the integrity of the files or

result in the files being inadmissible in administrative or legal proceedings.

The workplace or office must be secured and protected to maintain the integrity of the crime scene and

the electronic storage media.


Questions to Ask When a Client Calls the Forensic Investigator  What happened?  Who is the incident manager?  What is the case name or title for the incident?

 What is the location of the incident?  Under what jurisdiction are the case and seizure to be performed?

 What is to be seized (make, model, location, and ID)?  What other work will need to be performed at the scene (e.g., full search and evidence required)?  Is the search and seizure to be overt or covert, and will local management be informed?


Packaging and Transporting Electronic Evidence Evidence Bag Contents List

Date and time of seizure

Investigator who seized the evidence

Names of the officers who took photographs or prepared a sketch

Exhibit number

Where the evidence was seized from

Sites where individual items were found

Names of the suspected persons

A short summary of the details of the seizure

Details of the contents of the evidence bag

Packaging Electronic Evidence  Make sure the gathered electronic evidence is correctly documented, labeled, and listed before packaging.  Pay special attention to hidden or trace evidence, and take the necessary actions to safeguard it.  Pack magnetic media in antistatic packaging.  Do not use materials such as plastic bags for packaging because they may produce static electricity.  Avoid folding and scratching storage devices such as diskettes, CD-ROMs, and tapes.  Make sure that all containers that contain evidence are labeled in the appropriate way.


Chain of Custody Chain of Custody Documentation A chain of custody document contains the following information about the obtained evidence: 

Case number

Name, title, address, and telephone number of the person from whom the evidence was received

Location where obtained

Reason for evidence being obtained

Date/time evidence was obtained

Item number/quantity/description

Name of the evidence

Color

Manufacturing company name

Marking information

Packaging information Simple Format of the Chain of Custody Document


First Responder Common Mistakes 

Shutting down or rebooting the victim’s computer. In this case, all volatile data is lost. The processes that are running on the victim’s computer are also lost.

Assuming that some components of the victim’s computer may be reliable and usable. In this case, using some commands on the victim’s computer may activate Trojans, malware, and time bombs that delete vital data.

Not having access to baseline documentation about the victim’s computer.

Not documenting the data collection process.


Chapter Summary 

Electronic evidence is material of investigative value that is transferred by or stored on electronic devices.

Health and safety issues are important in all of the work carried out in all phases of forensic procedures.

Sometimes the user is present, and consent from the user is required.

Documentation of an electronic crime scene is a continuous process during an investigation.

The chain of custody is a written description created by individuals who are responsible for evidence from the beginning until the end of the case.


TERIMAKASIH

Akbar chapter 4  
Read more
Read more
Similar to
Popular now
Just for you