Digital forensics is playing an increasingly significant role in civil and criminal litigation, and the integrity and admissibility of digital evidence depends on sound preservation practices. D4's forensic experts know the importance of preserving the integrity of ESI and maintaining a proper chain-of-custody, and we've developed these guidelines to help you in your preservation of digital evidence. About D4's Digital Forensics and Investigations Services: The D4 Digital Forensics team is comprised of certified consultants and technicians that specialize in digital forensic investigations, 26(f) Meet and Confer Consulting, Complex Discovery Consulting, Expert Testimony, etc. D4's Digital Forensics technicians are well-versed in the preservation, collection and analysis of ESI on Macs, and other Apple products, smartphones, tablets and many other desktop and mobile devices. Some examples of the investigations that our Digital Forensics team has assisted with include: internal employee matters, theft, harassment, embezzlement, violations of company policies, and trademark infringement. Digital Forensic Certifications include: Certified Information Systems Security Professional (CISSP®), EnCase Certified Examiner, AccessData Certified Examiner, Certified Computer Examiner (computer forensic certificates), Private Investigators License (required to conduct computer forensics collections and investigations in the state of Michigan)

1. The Dos and Don’ts
of Digital Evidence
Preservation

2. Digital forensics is playing an increasingly
significant role in civil and criminal litigation, and
the integrity and admissibility of digital evidence
depends on sound preservation practices.
www.d4discovery.com

3. ?????????????????????????????????????????????????????????????????????????????????????????????????
?????????????????????????????????????????????????????????????????????????????????????????????????
?????????????????????????????????????????????????????????????????????????????????????????????????
?????????????????????????????????????????????????????????????????????????????????????????????????
?????????????????????????????????????????????????????????????????????????????????????????????????
?????????????????????????????????????????????????????????????????????????????????????????????????
?????????????????????????????????????????????????????????????????????????????????????????????????
?????????????????????????????????????????????????????????????????????????????????????????????????
?????????????????????????????????????????????????????????????????????????????????????????????????
?????????????????????????????????????????????????????????????????????????????????????????????????
?????????????????????????????????????????????????????????????????????????????????????????????????
?????????????????????????????????????????????????????????????????????????????????????????????????
?????????????????????????????????????????????????????????????????????????????????????????????????
?????????????????????????????????????????????????????????????????????????????????????????????????
?????????????????????????????????????????????????????????????????????????????????????????????????
?????????????????????????????????????????????????????????????????????????????????????????????????
?????????????????????????????????????????????????????????????????????????????????????????????????
?????????????????????????????????????????????????????????????????????????????????????????????????
Is your evidence being
properly handled?Q:

4. D4 has developed the following guidelines to aid
you in your preservation of digital evidence.
www.d4discovery.com
DO DON’T

5. &
www.d4discovery.com
Begin a proper chain of
custody for each individual
piece of digital evidence.
First Things First!
Verify ownership of devices.

6. www.d4discovery.com
DO NOT power on or continue
to use any devices in question.
DO collect all ancillary
power cords and cables.

7. #0123456789#
www.d4discovery.com
DO record the make,
model and serial numbers
of the devices in question.
DO NOT remove the
batteries to collect this
information.

8. www.d4discovery.com
DO NOT ask IT personnel to run a
data collection or conduct a
forensic investigation.
Collections must be conducted by staff trained in forensic
processes, procedures and methodologies.
This ensures evidence is preserved in an admissible manner.

9. www.d4discovery.com
DO (if possible) take possession
of an entire suspect computer,
not just hard drives.
Important information can be obtained from physical
devices, including date/time settings and boot-up order.

10. www.d4discovery.com
DO NOT log into a suspect device
as the suspect custodian.
? This can make it nearly impossible to tie
data and actions to a certain suspect.

11. www.d4discovery.com
DO NOT leave devices connected to a
company intranet, network, or the Internet.

12. www.d4discovery.com
DO store devices in a secured location
until handed over for imaging and
analysis.
Securing devices and their data ensures potential
evidence isn’t tampered with or altered in any way.

13. What About the Who?
So Now You Know the How…

14. www.d4discovery.com

15. www.d4discovery.com
D4 conducts thousands of collections
and forensic investigations each year.

16. www.d4discovery.com
Our forensics experts know the
importance of preserving the integrity
of ESI and maintaining a proper chain-
of-custody.

17. www.d4discovery.com
Our methods are based on law
enforcement standards and we enter
every engagement assuming the ESI
preserved will be used in a court of law.

18. www.d4discovery.com
D4’s forensic experts are known for
providing objective testimony and are
experienced acting as a neutral third
party.

19. www.d4discovery.com
 Verify findings of other computer forensic experts
What Can Do
Learn More about
D4’s Digital Forensics

20. www.d4discovery.com
 Verify findings of other computer forensic experts
 Recover deleted files and file fragments
Learn More about
D4’s Digital Forensics
What Can Do

21. www.d4discovery.com
 Verify findings of other computer forensic experts
 Recover deleted files and file fragments
 Assist with internal employee investigations
Learn More about
D4’s Digital Forensics
What Can Do

22. www.d4discovery.com
 Verify findings of other computer forensic experts
 Recover deleted files and file fragments
 Assist with internal employee investigations
 Preserve and collect data from social media sites
What Can Do
Learn More about
D4’s Digital Forensics

23. www.d4discovery.com
 Verify findings of other computer forensic experts
 Recover deleted files and file fragments
 Assist with internal employee investigations
 Preserve and collect data from social media sites
 Collect ESI from smart phones, cloud storage sites,
and more
What Can Do
Learn More about
D4’s Digital Forensics

24. www.d4discovery.com
 Verify findings of other computer forensic experts
 Recover deleted files and file fragments
 Assist with internal employee investigations
 Preserve and collect data from social media sites
 Collect ESI from smart phones, cloud storage sites,
and more
 Defensible remote preservation collection services
What Can Do
Learn More about
D4’s Digital Forensics

25. 


marketing@d4discovery.com
www.d4discovery.com
800.410.7066