How to use Assure
Set out below are the steps we would suggest you adopt when you use Assure in earnest. But before that, especially if you are a novice we suggest you:
- Watch a dodgy video or two.
- Have a couple of dry runs on a computer you control, acquiring something relatively small, such as a USB key.
This will give you an understanding of how to boot a computer from a USB key. As well as demonstrating how easy Assure is to use which in turn will hopefully give you confidence in what you are doing.
Then, if you’re considering having a go at doing your own investigation and have a free machine download a copy of Autopsy which will be able to read the files you created using Assure.
Depending the type of analysis and specification of machine doing the work this can be time consuming.
Acquiring digital evidence using Assure
When you come to use Assure for real and want to obtain a forensic copy of data for evidential purposes you will need:
- A camera, mobile phone or similar smart device to take some snaps.
- A copy of EviTrack Assure
If this has been sent to you. You will also need a password to access the system.
- If using the PenDrive version, an external storage device.
- A record of the date, time and place when this took place. (The Camera should record most of that for you.)
- Verify the cameras date and time is correct.
If using a smart device that automatically updates using ntp (Network Time Protocol) make a note of that.
- Make a physical note of where the acquisition is taking place. The address should do!
- Take some (contemporaneous) photographs of whatever is being acquired.
These need to be retained, without any modifications or cropping.
- The exhibit will need a unique reference. The acquirer’s initials followed by a number is the norm. e.g JBD/1.
The image can then be identified as JBD/2. A copy of the data contained within JBD/1.
- Acquire your forensic or intelligence image using the Assure application, following the relevant steps as you go.
- Send the digital image off to whoever is going to analyse the data.
- Lastly, email copies of the snaps together with a note of when and where this all took place to those analysing the data.
Note: If the drive is encrypted and you have access to the keys. Make arrangements for these to be forwarded on to the analyst too.