While data collection may seem like a straightforward process, it rarely is.  There are an innumerable amount of unforeseeable circumstances, computer technologies, and people that can cause problems during an on-site collection.  In this multi-entry blog series, we'll be discussing the most common items and the people that can make data collection more difficult for you so that you can make more informed decisions during your collections and collection prep.

Magnetic Tapes

Tapes are an exception to normal collection and processing.  While they can be very useful to an investigation, there are a few things that make collecting and processing tapes much more difficult and time-consuming than other media.

• Tape data must be pulled through the software used to create it, much like a database. If you try to merely copy a tape, it will come out looking like garbage, since the program that wrote it is not there to "interpret" and make sense of it.
• There are many different software applications that can write to tapes, so finding out which program wrote the data to the tape may be difficult.
• Tapes come in many shapes and sizes. A tape drive is needed to "run" a tape, and different tapes require different tape drives.
• Tapes may contain data that is part of a series. The series must be reconstructed for the data to be properly viewed.
• When poorly labeled or unlabeled, finding the right sequence may be difficult or impossible.

Try to enlist the help of your client's IT to ensure you have the most information you can get (such as the info above) about any tapes you will be collecting.

Databases

Databases such as Oracle and Microsoft SQL aren't necessarily difficult to collect, but they are difficult to search and review once collected, especially if they are collected improperly.  Databases are stored in such a way that it is nearly impossible for a human to discern any information from them without the source (database) software to interpret it.

To help illustrate why one can't merely review a "duplication" of a database, imagine a several hundred page spreadsheet.  Now cut out the individual cells of that spreadsheet and mix them up with your eyes closed.  What you end up with (a jumble of random cells and numbers) looks a lot like the data that a database has stored.  The database software knows how to link the separated cells back together so that when you ask for certain cells it can retrieve them, but you cannot just print the database and look it over; it will look like a jumble of computer code.

Databases must be collected and reviewed a very specific way, so be sure to talk to your EDD vendor for advice on what to do after they've done the collection.