Evidence Collection Policy

After the recent security breach, Always Fresh decided to form a computer security incident response team (CSIRT). As a security administrator, you have been assigned the responsibility of developing a CSIRT policy that addresses incident evidence collection and handling. The goal is to ensure all evidence collected during investigations is valid and admissible in court.

Consider the following questions for collecting and handling evidence:

  1. What are the main concerns when collecting evidence?
  2. What precautions are necessary to preserve evidence state?
  3. How do you ensure evidence remains in its initial state?
  4. What information and procedures are necessary to ensure evidence is admissible in court?

Sample Solution