Forensics Processes

From Glitchdata

Jump to navigation Jump to search

FIRST step is to establish a chain-of-custody log.
NEVER conduct forensics on live system
- ONLY conduct forensics on copies on systems.

Forensic Processes

Evaluation
Preservation
- Preservation and documentation of evidence for review by law enforcement and judicial authorities are of primary concern when investigating. Failure to properly preserve the evidence could jeopardize the admissibility of the evidence in legal proceedings.
Analysis
Disclosure

Retrieved from ‘https://wiki.glitchdata.com/index.php?title=Forensics_Processes&oldid=39378’