Field Guide Part Eight

by Timothy E. Wright
Sept. 19, 2017 Symantec

This is the eighth and final article in Field Guide for Investigating Computer Crime. In our last installment, Information Discovery - Basics and Planning, we briefly compared physical search and seizure with its logical (i.e. data-oriented) counterpart, information discovery. We introduced the basics of the information discovery process, noting how establishing and protecting the chain of custody for logical evidence was delightfully straightforward! We then discussed three basic rules of thumb that should act as guides for any information discovery, mentioning along the way how each rule has a parallel in the world of physical search and seizure. We are now ready to bring things to a close by examining the final two stages - searching for and processing data evidence. So! Without further ado, let us tackle the remaining stages of information discovery...