A large commercial corporation has witnessed a security breach of the network and has found one laptop on the scene belonging to someone known to have the expertise for launching large-scale cyber-attacks against secure networks. The laptop and its data provide you with sources of physical and digital forensics evidence. Since the laptop was connected to the network, any communications involving the laptop could also provide you with some additional digital evidence.
This commercial corporation’s Point of Contact (POC) has requested your computer forensics team provide investigative expertise in this matter in multiple areas. In the preliminary investigative discussion, your POC for the cybercrime case would like your team to disclose, in your forensics plan, how you will approach the incident review and include the identification of any collection requirements for seizing, preserving, and authenticating the evidence. You will provide the POC with the known facts of the incident and what procedures were used during the initial case reviews.
How you will approach the incident review, including the identification of any collection requirements for acquiring and authenticating the evidence.
How your team will approach any legal restrictions and the determination of intent and scope.
The known facts of the incident and what procedures were used during the initial case reviews.