Informática forense

: recolha e preservação da prova digital

Abstract

The proliferation of digital communication networks in society has led to a concomitant increase in their involvement in illicit activities. The examination and analysis of all computer equipments has become an important aid to those that must deal with computer incidents, criminal, civil or labour related. The correct technical and juridical execution of the proceedings, that rules the identification, recovery and collection of digital evidence, is fundamental since it becomes the first step in the evidence chain of custody. This thesis consolidates in a single document the best practices, recommendations and norms that rule the identification, collection and preservation of the digital evidence, according to the Portuguese law. Every proceeding is according to the Portuguese law and some examples are presented whereas technically logical and correct would be legally inadmissible and possibly even a crime if undertaken. The ISO 27037:2012 is taken into consideration as well as the recommendations of several international organizations such as the European Council, the G8 or the IOCE. This thesis describes the correct proceedings of the planning and execution of a collection and preservation of digital evidence operation. In addiction it presents the proceedings of the preparation of the digital evidence supports, including their validation through digital signature. It also presents the proceedings of evidence collection in corporate systems, through open sources, the interpretation of email headers and through that way the identification of their source. Finally and under a format that can easily be converted into a small manual or pocket guide, all the proceedings are consolidated independently of technical knowledge and directed to a first responder.

Date of Award	11 Jul 2013
Original language	Portuguese
Awarding Institution	Universidade Católica Portuguesa
Supervisor	Rui Pires Alves (Supervisor)