Solution Guide

ManualsBrandsDell ManualsSoftwareDell Digital Forensics Solution

Triage 19

Collecting Digital Forensics Evidence

Figure 2-1. Collection Workflow

secure scene

Are trained

personnel

available?

do not turn

the device

off.

document and

photograph information

request

assistance

remove power cord

from device(s)

label all connections

on device(s)

locate and secure

evidence

process all

devices

secure evidence

Is the

device on?

Is the

device a networked

environment?

Are

destructive processes

running?

Is evidence

visible on the

screen?

do not

turn device

on.