Evidence Identification

Your initial task in an investigation is to identify the evidence you need for your case. Remember, without evidence you don’t really have much more than an opinion. Every case is different, so you will likely need different types of evidence for each case. Knowing what evidence you will need is an integral part of a successful investigation. One rule of thumb is to “take everything.” Unfortunately, there are substantial legal and logistical issues involved in this approach. More realistically, you should take anything and everything that could be remotely related to your case. Religiously adhere to the chain of custody guidelines and label everything as it is removed.

Who Will Use the Evidence You Collect?

Treat every ...

Get Computer Forensics JumpStart, Second Edition now with the O’Reilly learning platform.