My preferred process for a harddrive would be to collect drive at site and bag in tamper proof bag. Then at the bench I would do an MD5 hash collection and forensic copy of the drive. I then like to bag the drive again and securely store and not touch unless absolutely necessary. How do people handle the id and bagging process when you go from collect to hash & copy to store. Do you use two bags or what. How is it recorded on a CoC form for the bag IDs etc.
- Keyboard Shortcuts:
Keep Up with TechRepublic