Maintaining System Integrity During Forensics

by Jamie Morris
Sept. 25, 2017 1 comment Symantec systemintegrity

Deciding how to maintain the integrity of a system for use in a forensic examination can be a little like deciding which club to use to get out of the rough on the last hole of a golf tournament, i.e. the stakes are high and you never know if you've made the right choice until it's too late to change your mind (note: this analogy only works if you play golf as badly as I do. If you're a good golfer, or if you don't play golf at all, you'll have to come up with one of your own). While the use of good judgement may be more art than science, if we keep in mind certain basic principles and remember to think before we act we should give ourselves the best possible chance of a successful forensic outcome. These basic principles are the bedrock upon which any notions of a "best practice" must be constructed and will be the basis of this article.

2flash 7 months, 3 weeks ago

I find it written a bit messy to be honest, but there are still some aspects I do like it (like talking about the best practice notion).