Note:An updated version of this checklist is now available. You can download it here.
You've detected a computer crime and decided to report that activity to law enforcement. Before you touch the affected machine, open a single event log, or run another program; you must secure all digital evidence. Yet the steps necessary to maintain the integrity of digital evidence often run contrary to common IT practices. This checklist tells you what to do and what not to do in the aftermath of a computer crime. Don't let simple mistakes, such as powering off the machine or accessing affected files, ruin the chance of a successful prosecution.
Join this ongoing discussion of this download and share your experiences with the aftermath of a computer crime. Also, let us know if our Computer crime evidence-preservation checklist provided helpful information and if there's anything we can do to improve the document's format.
- 64 KB
- Apr 2005
- Tech Pro Research