
This paper addresses an issue of increasing importance to companies in this modern era. Computer Incident Response Teams (CIRTs), network security, and intellectual property (IP) security are growing in importance and are becoming many companies' top priority in this age of increased security-conscious commerce. This document focuses on the CIRT aspect of security-conscious commerce, but in a less familiar role: investigations and, more specifically, computer forensics as part of a company's arsenal in the war on network/resource abuse and intellectual property theft. This document is not designed to provide a specific checklist of everything that a CIRT must have, or to provide expert knowledge of all laws related to the handling of evidence. It does, however, seek to provide the reader with some of the basic considerations and tools available to make a CIRT or corporate investigator effective in gathering, preserving, and analyzing computer evidence.