Chapter 6

Collecting and Preserving Evidence

“Extraordinary claims require extraordinary evidence.”

—Carl Sagan

One of the most critical steps in a digital forensics investigation is collecting and preserving evidence. Why is this such a big deal? The answer is simple: if you get this step of the forensic process wrong, everything you do is likely ruined when it comes to legal matters. Entering evidence into a court system is about documentation, which means proving beyond a reasonable doubt that something was found and was not contaminated during the investigation process. Any challenge from the defense that can’t be answered may cause your evidence to be excluded from your case. You absolutely must nail proper collection ...

Get Investigating the Cyber Breach: The Digital Forensics Guide for the Network Engineer, First Edition now with the O’Reilly learning platform.
