Since computer crimes are only increasing and will never really go away, it is important that all security professionals understand how computer investigations should be carried out. This includes legal requirements for specific situations, understanding the “chain of custody” for evidence, what type of evidence is admissible in court, incident response procedures and escalation processes, and that security professionals are not robo-cops.

When a potential computer crime takes place, it is critical that the investigation steps are carried out properly to ensure that the evidence will be admissible to the court and that it can stand up under the cross-examination and scrutiny that will take place. As a security professional, you ...

Get CISSP Certification All-in-One Exam Guide, Fourth Edition, 4th Edition now with the O’Reilly learning platform.

O’Reilly members experience live online training, plus books, videos, and digital content from nearly 200 publishers.