Aug 17 2009 8:26PM GMT
Posted by: Robert Davis
Boot, Configuration, Data Acquisition, Electronic Discovery, Event Management, Forensic Imaging Software, Illegal Acts, Incident Handling, Incident Response, Information Security Management, Irregularities, ISM, Law Enforcement
Preserving Electronically Encoded Evidence – Part IV
Posted by: Robert Davis
Boot, Configuration, Data Acquisition, Electronic Discovery, Event Management, Forensic Imaging Software, Illegal Acts, Incident Handling, Incident Response, Information Security Management, Irregularities, ISM, Law Enforcement
Whether target data is in transit or at rest, it is critical that measures are in place to prevent the sought information from being destroyed, corrupted or becoming unavailable for forensic investigation. When evidence is at rest, adequate procedures should be followed to ensure evidential non-repudiation. Volatile data capture assists investigators in determining the system state during the incident or event. Consequently, the utilization of functionally sound imaging software and practices are essential to maintaining evidential continuity.
“View Part I of the Preserving Electronically Encoded Evidence series here“
Post Note: An expanded version of this blog entry is available through the ISACA Journal.
Comment
RSS Feed
Email a friend
