Forensic Sterilisation

Question 1

The Wiping Process

Answer 1

The wiping process overwrites
the data on the external device with a known character

Question 2

Overwriting Data

Answer 2

During the wiping process, the
investigator can also choose how many times to
overwrite

Most forensic software suites do NOT have the ability
to recover information that has been overwritten one
time

Question 3

Documentation

Answer 3

Sterilization proccess assists when testifying, shows that the necessary steps were taken to
eliminate any residual data and to prevent cross
contamination of data, performed in lab, wiping and verification verified and throughly documented

Question 4

Remote wiping

Answer 4

If any signal is recieved when seizied device is powered on, could potentially be a remote wipe of the device or override data stored on device

Question 5

Shielding device methods

Answer 5

Faraday bags isolate - allow for no interaction

Faraday boxes isolate - allow for evidence preview

Faraday Tents - allow for isolation of a larger area and direct interaction

Faraday paint - allow for entire rooms to be isolated

Arson can / tin foil - homemade versions, low tech and may not be as effective

Airplane mode - easiest built in feature in most devices

Question 6

Off state

Answer 6

Leave off to avoid - evidence deletion / override, location data and general alteration to the device

Question 7

Off state steps

Answer 7

Wear PPE to avoid DNA contamination

Note device details, make model ESN and carrier

Note physical condition

If possible remove SIM card

Employ mobile shielding methods

Package and label device and transport safely

Question 8

On state

Answer 8

Document information,
applications, and settings of the device at the crime
scene

Keep an external power source connected until device is able to be processed

Question 9

On state steps

Answer 9

Only additional step is that the handset must also be kept charged