le to explain these findings in layman’s terms using
metaphors and analogies. Of course the findings, which are top secret or company confidential, should only be disclosed to authorized parties. This may include the legal
department or any outside counsel that assisted with the investigation.

The Australian Computer Emergency Response Team’s General
Guidelines for Computer Forensics
• Keep the handling and corruption of original data to a minimum.
• Document all actions and explain changes.
• Follow the Five Rules for Evidence (Admissible, Authentic, Complete,
• Bring in more experienced help when handling and/or analyzing the
evidence is beyond your knowledge, skills, or abilities.
• Adhere to your organization’s security policy and obtain written
permission to conduct a forensics investigation.
• Capture as accurate an image of the system(s) as possible while working
• Be ready to testify in a court of law.
• Make certain your actions are repeatable.
• Prioritize your actions, beginning with volatile and proceeding to
• Do not run any programs on the system(s) that are potential evidence.
• Act ethically and in good faith while conducting a forensics
investigation, and do not attempt to do any harm.

All-in-1 / CISSP All-in-One Exam Guide, 5th Ed. / Harris / 160217-8

What Is Admissible in Court?
He is guilty because I don’t like him.
Response: Um, I need more than that.
Computer logs are important in many aspects of the IT world. They are generally
used to troubleshoot an issue or to try to understand the events that took place at a
specific moment in time. When computer logs are to be used as evidence in court, they
must be collected in the regular course of business. Most of the time, computer-related
documents are considered hearsay, meaning the evidence is secondhand evidence.
Hearsay evidence is not normally admissible in court unless it has firsthand e...
This note was uploaded on 06/01/2013 for the course NET 125 taught by Professor Hurst during the Fall '12 term at Wake Tech.