Section 12

Forensics Team Policies and Procedures

The forensics team should always follow a structured, documented process in which the content of the items under investigation is preserved, validated, and documented. The dimensions, scope, and investigative methods of any investigation must be understood at the outset; the methods are best based upon proven techniques, such as proper and legal collection of evidence and obtaining proper bit-stream “hash encrypted” copies of evidence.

Keywords

Forensics policies; reporting
