Chapter 2
Preparation—What to Do Before You Start
- Identifying different types of hardware
- Checking for unauthorized hardware
- Keeping up with hardware trends
- Knowing various operating systems
- Knowing different types of file systems
- Identifying maintenance tools
- Knowing legal rights and limits
- Forming an incident response team
Be prepared! This motto is especially true for computer forensics. To do a thorough job, a computer forensic investigator should know the hardware, operating systems, file systems, and networking solutions associated with all equipment under investigation. Most organizations have incident response teams that can provide this information for forensic situations, or assist with its compilation.
As an investigator, you must know your legal limits and be familiar with local laws where the crime was committed or incident occurred. You’ll also need to know the laws where perpetrators reside, to be sure that any case you build stands up in a court of law.
If you do most of the groundwork needed to build a case ahead of time, when that need arises you’ll be able to complete the task more efficiently. This chapter guides you through the following processes.