Data Preservation
Learn about the data properties required to be admissible as evidence of a security incident and some techniques required to collect it.
We'll cover the following...
We'll cover the following...
Overview
It should be assumed that data collected from an incident will be requested at a later date by law enforcement to support a legal investigation. The data collected from the incident may need to be used as evidence that something did or didn’t occur or that an entity is or isn’t liable for a criminal or damaging act.
Properties of admissible data
For data to be admissible as ...