• Principle 1: No action taken by law enforcement agencies, persons employed within those agencies or their agents should change data that may subsequently be relied upon in court.
• Principle 2: In circumstances where a person finds it necessary to access original data, that person must be competent to do so and be able to give evidence explaining the relevance and the implications of their actions.
• Principle 3: An audit trail or other record of all processes applied to digital evidence should be created and preserved. An independent third party should be able to examine those processes and achieve the same result.
• Principle 4: The person in charge of the investigation has overall responsibility for ensuring that the law and these principles are adhered to.

The investigation proceeds via a series of steps, which …
In completing this phase, I would first gather as much information as possible from the I.T. professionals responsible for maintaining the network. I would also assess the network's firewall and all the devices that make up the network, and inquire about any network failure that may have occurred recently. I would also enter the registry and identify all removable devices that were added to the network, and check whether any were enabled during or before the time the indications of malware began appearing. Considering all these factors, I would select the forensic tools I would like to use to assist me in the investigation and ensure I have adequate space to store all the images I will