O'Reilly logo

Computer Evidence: Collection and Preservation, Second Edition by Christopher L. T. Brown

Stay ahead with the world's most comprehensive technology and business learning platform.

With Safari, you learn the way you learn best. Get unlimited access to videos, live online training, learning paths, books, tutorials, and more.

Start Free Trial

No credit card required

Policy Review

During the interview and supporting-artifact-collection process, investigators are encouraged to collect any existing information technology–related policies when collecting evidence in corporate environments. Although this step may seem like a daunting task, the information gathered can provide critical clues to where data can be found. Furthermore, corporate employee acceptable-use policies can prove instrumental in identifying users who were knowingly acting outside of the stated policy.

Two types of policy review can be of interest to investigators: preincident policy review and a review of policies collected as supporting artifacts in an investigation.

For corporations that are further developing their incident-response team’s ...

With Safari, you learn the way you learn best. Get unlimited access to videos, live online training, learning paths, books, interactive tutorials, and more.

Start Free Trial

No credit card required