Guiding Principles

There are two major categories of principles in the conduct of computer forensics. Both are designed to protect the investigator, the evidence, and the rights of the accused.

Ethics

First, the investigator must have the authority to seize and search the computer. In corporate settings, this is normally granted by policy. The company acceptable-use policy should state that the company has the right to conduct a search on any or all company equipment, at any time, for any reason. (Note: Government agencies and contractors working for government agencies might have different requirements. IRT personnel should consult with their legal counsel prior to drafting policies.)

Second, the search should have clearly defined goals. “Fishing ...

Get Incident Response: A Strategic Guide to Handling System and Network Security Breaches now with the O’Reilly learning platform.