Handling Evidence at the Scene

In this section, I’ll cover the various aspects of handling evidence at the scene. I’ll begin with securing the scene. Once the scene is secured, you need to document everything in place. After documenting the scene, the next step is that of seizing various items, namely, computers. Before computers can be seized, they typically have to be shut down. I’ll discuss the various issues associated with operating systems and system function as they relate to shutting down various systems. I’ll end the discussion with the bagging-and-tagging process, transporting, and securing, all in support of the all-important chain of custody. Let’s get started!

Securing the Scene

When you arrive at the scene, safety is the number-one ...

Get EnCE EnCase Computer Forensics: The Official EnCase Certified Examiner Study Guide, 3rd Edition now with the O’Reilly learning platform.

O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.

Start your free trial

EnCE EnCase Computer Forensics: The Official EnCase Certified Examiner Study Guide, 3rd Edition by Steve Bunting

Handling Evidence at the Scene

Securing the Scene

Don’t leave empty-handed

It’s yours, free.

Check it out now on O’Reilly