Methodology for the forensic analysis of images of storage units
DOI:
https://doi.org/10.34070/rif.v11i1.391Keywords:
analysis methodology, RFC-3227 regulations, computer forensics, digital evidence, expert reportsAbstract
The main objective of this article is to present a Forensic Analysis Methodology for specialists in computer
expertise whose activities in judicial assignments are in the investigation of storage peripherals in Linux or
Windows Operating Systems; for the purpose of obtaining digital evidence. The structure that makes up
the stages of the methodology are based on the criteria established within the RFC 3227 standard for the
guidelines that allow the collection of evidence and its standardized storage in the treatment of security
incidents; UNE 71506:2013 allowed, through the forensic analysis methodology, to guide the development
of the stages; for the preparation of the expert reports, support was obtained in the UNE 197010:2015, which has several criteria for the preparation of opinions in the field of ICT and to strengthen the methodology, the UNE-EN ISO/IEC 27037 was analyzed: 2016 to include several of the standards that allow the processes of identification, collection, acquisition and preservation of potential digital evidence to be carried out. The results obtained conclude that traditional methodologies can improve the investigative and procedural experience of the specialist through the implementation of flowcharts without losing quality in the process.
