may be susceptible to damage or alteration from electromagnetic fields such as those generated by
static electricity, magnets, radio transmitters and other devices. Keep electronic evidence away from
magnetic sources. Avoid storing forensic evidence in vehicles for prolonged periods of time.
Excessive heat, cold, or humidity can damage forensic evidence. Verify that computers and other
electronic components that are not packaged in containers are secured in the vehicle to prevent shock
and potentially damaging vibrations.
In response to the need to analyze, preserve, protect and defend forensic evidence, an
initiative was begun in 1999 to build and staff Regional Computer Forensic Laboratories (RCFLs).
Thirteen RCFLs are available for use by more than 1,000 law enforcement agencies, spanning fifteen
states. The New Jersey RCFL provides free computer forensic training services for law enforcement
investigators and computer forensic specialists, who can also receive FBI digital forensic examiner
certification through participation in a twelve- to eighteen-month training regimen that includes
coursework, backed by forensic labs and on-the-job training.
Computer forensic investigations may involve dead or live analysis techniques. Live analysis
techniques use software which existed on the system during the time slot being investigated. This is in
contrast to dead analysis techniques, which use no software which existed on the system during
that time slot. “Rootkits” provide the most common source of false data during live analysis. Rootkits
are backdoor tools which modify existing operating system software so an attacker can keep access to
and hide on a computer. Several countermeasures exist to deal with rootkits. To
counter application-level rootkits, an investigator can use a CD of trusted tools that he or she knows
have not been modified. Library-level rootkits may be countered by an investigator using a CD of
trusted tools which are statically compiled so they do not use Trojan libraries. Live analysis may not
produce reliable results, but is useful in some cases. Some computer forensic investigations will be too