Field Guide Part Six

by Timothy E. Wright
Sept. 17, 2017 Symantec Detection & Response

In our last article, "Search and Seizure: Approach, Documentation, and Location", we saw how a team of investigators interacts with the computer crime scene during the stages of securing and documenting the crime scene, and searching for evidence. Up to this point, the process of search and seizure hasn't been overly cumbersome - below, the discussion of evidence retrieval and evidence processing will change this! Not to despair, though. As we mentioned in the second article, "Overview of a Methodology for the Application of Computer Forensics", it is possible to streamline the effort of investigating computer crimes. For example, an organization might assign degrees of priority to cases, such that the most urgent cases require a full treatment by investigators, while the least urgent do not. The key here is that an established policy governs the assignment of priorities to cases and guides the investigative process accordingly.