Because computer forensics collection operations vary so greatly, investigators need a playbook to operate from.
One difficulty in creating boilerplates is making them general enough to be useful in an array of situations yet detailed enough to be helpful.
An investigator’s playbook may include black bag inventories and forms.
In certain situations, even tools that were created with the computer forensics process in mind may be somewhat destructive.
Software used for the collection and preservation of computer evidence usually falls ...