now very different from incident response. We have computer forensics. So when we talk about incident response, our primary goal is to really contain the damage and correct the systems with forensics. What we're looking to do is collect evidence in such a manner that it would be admissible in court.
So we're really seeking prosecution
in forensics. So the same principles that apply to more traditional type crimes and the forensics revolving in that category are gonna apply to computer evidence as well. So what? We have just a few little elements of forensics.
Ah, So the forensic principles, of course, have to be applied to digital evidence What I just said,
but the big one evidence should not be altered as a result of the collection or the examination or analysis. So that's one of the things that we have to be very diligent about is making sure that we have a guarantee that the evidence has not been modified. We'll talk about some of the ways we do that.
Um, if you're gonna work with digital evidence, you must be qualified or under the direction of someone that is,
we have to make sure that we document document document will talk about chain of custody. And in many instances when evidence is ruled inadmissible somewhere along the line, the chain of custody has broken down.
All right, So when we talk about digital evidence, we have to think about the evidence being off. Then it we have to be able to guarantee its source of origin and again going back to that idea that it hasn't been modified. It's gotta be accurate. And again we have to be able to guarantee its accuracy.
Needs to be complete, needs to tell a story, not just part of the story.
It has to be convincing, and it has to be admissible. So the rules of evidence they all make sense. Authentic, accurate, complete, convincing and admissible.