ch10.indd 894 12/4/2009 11:39:12 AM All-in-1 / CISSP All-in-One Exam Guide, 5th Ed. / Harris / 160217-8


...eive if you told an IT manager that you needed to shut down a primary database or e-mail system. It wouldn’t be favorable. So these systems and others, such as those using on-the-fly encryption, must be imaged while they are running. To ensure that the original image is not modified, it is important to create message digests for files and directories before and after the analysis to prove the integrity of the original image.

NOTE Logs should be kept detailing all activities, systems, peripherals and their serial numbers, and each team’s actions. This will help ensure that the evidence, or the process of collection, can stand up to scrutiny and be used in a court of law. Also be sure to document the role of the system(s) in the organization.

NOTE In most cases, an investigator’s notebook cannot be used as evidence in court. It can only be employed by the investigator to refresh his memory during a proceeding.

Chapter 10: Legal, Regulations, Compliance, and Investigations

Forensics Field Kits

When forensics teams are deployed, they should be properly equipped with all of the tools and supplies needed. The following are some of the common items in the forensics field kits:

• Documentation tools: Tags, labels, and timelined forms
• Disassembly and removal tools: Antistatic bands, pliers, tweezers, screwdrivers, wire cutters, and so on
• Package and transport supplies: Antistatic bags, evidence bags and tape, cable ties, and others

The next crucial piece is to keep a proper chain of custody of the evidence. Because evidence from these types of crimes can be very volatile and easily dismissed from court because of improper handling, it is important to follow very strict and organized procedures when collecting and tagging evidence in every single case—no exceptions!

Furthermore, the chain of custody should follow evidence through its entire life cycle, beginning with identification and ending with its destruction, permanent archiving, or return to owner.
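The before-and-after message digests and the written log that the passage above calls for, as an added example that is not from the book: it digests an image file or every file under an evidence directory, appends the digests to a custody log, and re-verifies after the analysis, reporting modified, missing and added files. SHA-256 (the book names no algorithm), the file and examiner names and the log layout are assumptions; the sample data is constructed only so the code runs stand-alone.

```python
import hashlib
import os
import tempfile
from datetime import datetime, timezone

def digest_file(path, algorithm="sha256", chunk_size=1 << 20):
    """Hex digest of one file, read in chunks so a multi-gigabyte image need not fit in memory."""
    h = hashlib.new(algorithm)
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(chunk_size), b""):
            h.update(chunk)
    return h.hexdigest()

def digest_tree(root, algorithm="sha256"):
    """Manifest {relative path: digest} of every file under root (or of root itself if it is a file)."""
    if os.path.isfile(root):
        return {os.path.basename(root): digest_file(root, algorithm)}
    return {os.path.relpath(os.path.join(d, n), root): digest_file(os.path.join(d, n), algorithm)
            for d, _, names in os.walk(root) for n in sorted(names)}

def verify_tree(root, baseline, algorithm="sha256"):
    """Re-digest root after the analysis and report every deviation from the baseline manifest."""
    current = digest_tree(root, algorithm)
    return {"modified": sorted(p for p in baseline.keys() & current.keys() if current[p] != baseline[p]),
            "missing": sorted(baseline.keys() - current.keys()),
            "added": sorted(current.keys() - baseline.keys())}

def log_custody(logfile, examiner, action, manifest, algorithm="sha256"):
    """Append a timestamped entry so the digests become part of the written custody record."""
    stamp = datetime.now(timezone.utc).isoformat(timespec="seconds")
    with open(logfile, "a", encoding="utf-8") as log:
        log.write(f"{stamp}\t{examiner}\t{action}\n")
        for path, digest in sorted(manifest.items()):
            log.write(f"\t{algorithm}\t{digest}\t{path}\n")

def run_demo():
    # Constructed sample data: two small "image" files, one altered after the baseline is recorded.
    with tempfile.TemporaryDirectory() as work:
        evidence, logfile = os.path.join(work, "evidence"), os.path.join(work, "custody.log")
        os.makedirs(evidence)
        for name, data in (("disk.img", b"abc"), ("memory.img", b"\x00" * 4096)):
            with open(os.path.join(evidence, name), "wb") as f:
                f.write(data)
        baseline = digest_tree(evidence)
        log_custody(logfile, "examiner-1", "baseline digests recorded at acquisition", baseline)
        with open(os.path.join(evidence, "memory.img"), "ab") as f:
            f.write(b"!")  # simulated modification during analysis
        report = verify_tree(evidence, baseline)
        log_custody(logfile, "examiner-1", f"post-analysis verification: {report}", baseline)
        return baseline, report
```

A clean run returns empty lists for all three keys; any non-empty list means the working copy no longer matches the digests recorded at acquisition and the custody record must say so.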

This note was uploaded on 06/01/2013 for the course NET 125 taught by Professor Hurst during the Fall '12 term at Wake Tech.
