FOR2605
Assignment 2
Semester 2
Unique No: 783045
DUE 9 September 2025
, FOR2605: ASSIGNMENT 02
UNIQUE NUMBER: 783045
DUE: 9 September 2025
TOTAL – 50 MARKS
PRIMARY LECTURER: DR NC DUBE
Q1. Preservation guidelines to ensure the integrity of electronic evidence
1. Get legal authority and plan the seizure.
Confirm the warrant/consent covers the exact devices and accounts you will
collect (PCs, phones, cloud, routers). Have a simple checklist so actions are
consistent and defensible.
2. Secure and isolate the scene first.
Limit access, stop anyone from touching keyboards or phones, and note what is
powered on. Disconnect networks safely (unplug Ethernet; avoid shutting devices
down if that could destroy volatile data).
3. Stabilise devices to prevent remote changes.
For mobiles: enable Airplane Mode if the screen is unlocked, or place in a
Faraday bag; remove from power and keep the device awake if encryption/lock is
a risk. For computers: disconnect from Wi-Fi/Bluetooth and any network. The aim
is to stop remote wipes or sync changes.
4. Decide on power-state handling (live vs. dead).
If a device is off, keep it off. If it is on, photograph the screen, note open apps,
time, and connectivity, then follow agency policy on live capture of volatile data
(RAM, running processes) before powering down. Document your reasons either
way.
5. Do not change data, touch as little as possible.
Do not browse files, run programs, or “just check” contents. Only a competent
Assignment 2
Semester 2
Unique No: 783045
DUE 9 September 2025
, FOR2605: ASSIGNMENT 02
UNIQUE NUMBER: 783045
DUE: 9 September 2025
TOTAL – 50 MARKS
PRIMARY LECTURER: DR NC DUBE
Q1. Preservation guidelines to ensure the integrity of electronic evidence
1. Get legal authority and plan the seizure.
Confirm the warrant/consent covers the exact devices and accounts you will
collect (PCs, phones, cloud, routers). Have a simple checklist so actions are
consistent and defensible.
2. Secure and isolate the scene first.
Limit access, stop anyone from touching keyboards or phones, and note what is
powered on. Disconnect networks safely (unplug Ethernet; avoid shutting devices
down if that could destroy volatile data).
3. Stabilise devices to prevent remote changes.
For mobiles: enable Airplane Mode if the screen is unlocked, or place in a
Faraday bag; remove from power and keep the device awake if encryption/lock is
a risk. For computers: disconnect from Wi-Fi/Bluetooth and any network. The aim
is to stop remote wipes or sync changes.
4. Decide on power-state handling (live vs. dead).
If a device is off, keep it off. If it is on, photograph the screen, note open apps,
time, and connectivity, then follow agency policy on live capture of volatile data
(RAM, running processes) before powering down. Document your reasons either
way.
5. Do not change data, touch as little as possible.
Do not browse files, run programs, or “just check” contents. Only a competent
