Episode 3: Carved From Unallocated – 10 Common Mistakes Examiners Make in Digital Forensics
In this episode, we’re going to talk about 10 common mistakes examiners make in digital forensics and some things you can do to avoid them.
We compiled this list by reaching out to active examiners, instructors, and tech professionals in the digital intelligence and forensics field. In no particular order, here is our list of the top 10 mistakes digital forensics examiners make:
- Failing to secure the mobile evidence.
- Only skimming the surface of the data.
- Proceeding file by file.
- Failing to bookmark.
- Not understanding where the data came from.
- Not asking for help.
- Performing extraction techniques outside your level of training or certification.
- Failing to verify the timestamp or time zone.
- Failing to properly verify or validate the data as a whole.
- Stopping your education.
Here’s a teaser of the advice covered in the podcast:
On failing to secure your evidence and removing the device from the network, Heather explores what that can mean to your investigation. If you have a device in your hand and you only have one chance with it and someone remotely accesses it, you can kiss that chance goodbye because they’re going to overwrite the data on the device by wiping it.
You also want to make sure that your current consent or search warrant is written for “data at rest.” If you have it connected to the network, more information is going to keep coming into that phone. So, you really want to make sure you secure the device, protect your evidence, and remove it from the network.
Listen to the podcast to get more valuable tips.