In a forensic report, one of the most critical parts is data acquisition it is through this process that the determination of the outcome of the case. One must be able to identify the sources of data that they will include in the report. In this section, the investigator is required to write in detail how they handled the digital evidence and the kind of precautions they undertook to ensure the evidence is preserved and acquired forensically. To be on the safe side, it is usually better to have gathered more information than none.
While undertaking any step of information gathering the investigator should ensure they prioritize the data collected. Data can either be volatile or non-volatile and since volatile data is capable of change should be handled first. On the other hand, data collected should be verified to be of high integrity, and it should follow the structured chain of command and all the other steps that would be undertaken for instance wiping the storage forensically should also fall in this part of the report (Ackerman, 2006).
The general tone of the report should be that of impartiality and neutrality. This is to ensure there are no biases in the collection of data for the report. Overall, data acquisition is part of the report where the investigator comes one on one with the collected digital information and evidence of a case and after a thorough investigation, analysis and documentation they can analyze the integrity of the acquired digital evidence and the chain of custody.
After obtaining volatile data, the next step is obtaining non-volatile data such as the hard drive. After the acquisition of data verification of integrity should be done and a brief description of the digital evidence; finding and handling of the evidence.
- Ackerman, M. J. (2006). Forensic report writing. Journal of Clinical psychology, 62(1), 59-72.