Getting into Digital Forensics
Today, with computer systems used in everything, when legal battles or crimes happen, sometimes the bulk of the evidence involved will be digital. How the chain of evidence is handled can make or break a case. When preforming third-party penetration testing for PCI or HIPPA, your collected data is your evidence and should be handled just like it would be handled is a legal case. A Chain of Evidence should be laid out and followed during testing and the storage of your evidence after testing. You never know when what you think will be just a normal test may end up being a legal case. An example is when you're testing and find you are not the only one on the network. The network you are testing has already been breached. Now your test has turned into an Incident Response case where legal actions may be taken. Your testing data is now legal evidence. Yes, this does happen in real life. Bo has, on several occasions, found he wasn't the only one in the network while...
