Data Preservation
Learn about the data properties required to be admissible as evidence of a security incident and some techniques required to collect it.
We'll cover the following...
Overview
It should be assumed that data collected from an incident will be requested at a later date by law enforcement to support a legal investigation. The data collected from the incident may need to be used as evidence that something did or didn’t occur or that an entity is or isn’t liable for a criminal or damaging act.
Properties of admissible data
For data to be admissible as ...