From the course: Incident Response: Evidence Collection in Windows


Evidence collection


- [Instructor] As part of our incident response efforts, we are going to be gathering evidence. That's what this whole class is about. Now, if the evidence we're gathering is just for our own internal use within our company, then we don't need to follow the federal rules of evidence because these won't apply. But if your organization is involving law enforcement, you're going to have to understand the rules of evidence and be able to collect that evidence appropriately. Otherwise, it may not be allowed to be used in legal proceedings. This means we need to keep a chain of custody. A chain of custody is going to document who collected, controlled, and secured the evidence from a given incident. Without a proper chain of custody, the evidence collected would simply not be allowed to be used in a court of law. If your organization is going to be seeking criminal charges, maintaining the proper chain of custody is very…
