I think that a computer in my organization may contain important evidence. What are the first steps I should take?
A. The first step one should take in this situation is to immediately cease any and all use of the computer in question. Further use of this computer may damage any relevant evidence. If the suspected computer is turned off, it should remain off. Be sure to secure the computer at this point to prevent persons from unknowingly using it. If the computer is on, it is important that you do not go through a normal shutdown process. Instead, call Chicago Computer Forensic Services for immediate instructions on what to do next. It is also imperative that you do not allow the internal IT staff to conduct a preliminary investigation. At this point, all you have is information and data; there is no evidence. Unless your IT staff is certified in computer forensics and trained on evidentiary procedures, they have not maintained chain of custody or followed other accepted evidence techniques. Secondly, even if proper evidence handling techniques have been used, the collection process itself has alt
Related Questions
- I have Adobe Reader 7.0, but not (I think) Adobe Acrobat. Whats a reputable, free, downloadable program for PDF editing?
- Is there a local organization or company that will take computer monitors to donate -both working and non?
- I think JavaScript can be dangerous. Does TreeGrid contain any security issue or risk?
