When collecting evidence from technology, there are general forensic and procedural principles. These are standard guidelines that should be adhered to, such as making sure actions that are taken to secure and collect evidence should not change that evidence in any manner. Another principle is that any activity relating to the seizure, examination, storage, or transfer of electronic evidence should always be fully documented, preserved, and available for review when necessary.

You know that forensic tools are critical to the investigator and help him or her adhere to the guiding principles. Tools provide a way for the investigator to capture evidence without damaging it.

  • Explain why is this critical.
  • What are the most important features (at least 5) that you would look for in a tool to capture evidence correctly?
  • List 3 tools used in the industry.

  8-10 PowerPoint slides

