Chapter 9. Forensics II

Although a forensics examination might be tedious, it is generally a straightforward process. A trained investigator can, by following a standard set of rules, be reasonably assured that most of the incriminating data on the media will be found and the evidence will be admissible. However, there are special cases in which the standard guidelines cannot be followed without variation or in which the situation presents unique considerations.

For example, the investigator might be asked to conduct a search without alerting the suspect or suspects that the search is occurring. In such a case, the team is not able to seize the computer ...

Get Incident Response: A Strategic Guide to Handling System and Network Security Breaches now with the O’Reilly learning platform.