The proper handling and securing of evidence is critical. Mistakes in how evidence is acquired can lead to that evidence being tainted and subsequently not forensically sound. In addition, if an incident involves potential legal issues, critical evidence can be excluded from being admitted in a criminal or civil proceeding. There are several key tenets of evidence handling that need to be followed:
- Altering the original evidence: Actions taken by digital forensic examiners should not alter the original evidence. For example, a forensic analyst should not access a running system if they do not have to. It should be noted that some of the tasks that will be explored have the potential to alter some of the evidence. ...