As mentioned in Chapter 4, Recovering and Preserving Digital Evidence, well-intentioned actions by a network administrator, information manager, or first respondent law enforcement officer who is trying to determine whether a transgression has occurred and to preserve evidence can amount to unintentional evidence tampering if that person does not have some form of forensic experience and the right tools. Considering the heavy caseload of law enforcement agencies and digital forensic practitioners, and the high cost of using their services, it seems long overdue that some form of basic training, and tools such as ISeek, be available to assist stakeholders in managing the identification and collection of potential evidence without contamination.
This section looks at this deficiency in digital evidence collection and preservation and offers some pragmatic...