Data Preservation

Learn about the data properties required to be admissible as evidence of a security incident and some techniques required to collect it.

Overview

It should be assumed that data collected from an incident will be requested at a later date by law enforcement to support a legal investigation. The data collected from the incident may need to be used as evidence that something did or didn’t occur or that an entity is or isn’t liable for a criminal or damaging act.

Properties of admissible data

For data to be admissible as ...