[TABS_R id=6660]
Which statement is true with regard to evidence collection?
- Allow full access to the crime scene.
- Always shut the computer down first.
- Always call police.
- Always protect the integrity of the evidence.
Explanation:
You should always protect the confidentiality and the integrity of all evidence collected and ensure that a proper chain of custody is maintained. You should never shut the computer down until all volatile (memory) evidence is collected. You should tightly control access to the crime scene. You should always consider calling the police carefully as they will take control of the investigation.
In summary, guidelines for evidence collection are:
– Upon seizing digital evidence, actions taken should not change that evidence.
– When it is necessary for a person to access original digital evidence, that person must be forensically competent.
– All activity relating to the seizure, access, storage, or transfer of digital evidence must be fully documented, preserved, and available for review.
– An individual is responsible for all actions taken with respect to digital evidence while the digital evidence is in their possession.
– Any agency that is responsible for seizing, accessing, storing, or transferring digital evidence is responsible for compliance with these principles.
[TABS_R id=6660]