Privacy needed to be considered when collecting computer evidence

admin — Sat, 15 May 2010 10:59:14 +0000

* Respect the privacy rules and guidelines of your company and your legal jurisdiction. In particular, make sure no information collected along with the evidence you are searching for is available to anyone who would not normally have access to this information. This includes access to log files (which may reveal patterns of user behaviour) as well as personal data
files.

* Do not intrude on people’s privacy without strong justification. In particular, do not collect information from areas you do not normally have reason to access (such as personal file stores) unless you have sufficient indication that there is a real incident.

* Make sure you have the backing of your company’s established procedures in taking the steps you do to collect evidence of an incident.

Computer evidence requirement

admin — Sat, 15 May 2010 10:55:08 +0000

* Admissible: It must conform to certain legal rules before it can be put before a court.

* Authentic: It must be possible to positively tie evidentiary material to the incident.

* Complete: It must tell the whole story and not just aparticular perspective.

* Reliable: There must be nothing about how the evidence was collected and subsequently handled that casts doubt about its authenticity and veracity.

* Believable: It must be readily believable and understandable by a court.

DISK-IMAGER: Hard drive duplicator, forensic data duplicator, disk wiper » Computer evidence

Privacy needed to be considered when collecting computer evidence

Computer evidence requirement