Acquiring Evidence
The most commonly accepted principles for seizing computer systems are defined in the U.S. Justice Department’s guidelines for search and seizure of electronic evidence. The most recent of version of these guidelines, however, seems to concentrate almost entirely on obtaining and executing search warrants and much less on the physical seizure of equipment and data. The complete document, called Searching and Seizing Computers and Obtaining Electronic Evidence, is available on the department’s web site at www.usdoj.gov/criminal/cybercrime/searchmanual.htm. Earlier versions might still be archived on the Web and provide extensive technical details about searches.
The basic rules are to (1) document everything that the investigator ...
Get Incident Response: A Strategic Guide to Handling System and Network Security Breaches now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.