▶ 5.2 Digital Evidence
We must collect evidence before we can use it in any dispute. If we want to use this evidence in a legal proceeding, the evidence must be admissible; in other words, it must meet the legal rules and standards for evidence.
We may collect evidence through surveillance or seizure. In surveillance, we watch the behavior of the threat and keep a log of activities. In seizure, we take possession of equipment involved in the dispute. The requirements for surveillance and seizure vary according to whether we act as members of law enforcement or as a private party involved in the incident.
The Fourth Amendment Under U.S. law, surveillance and seizure are restricted by the Fourth Amendment of the Bill of Rights:
The right of ...
Get Elementary Information Security, 3rd Edition now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.
