Introduction
As there are many events in field of computer security , few of them are satisfiable while some are worthwhile just like a successful courtroom experience. Investigating a computer security incident leads to a legal proceeding such as court proceeding, where the digital evidence and documents obtained are likely used as exhibits in the trial. There are specific and special rules existing for ensuring that the evidence which are likely used as exhibits are genuine and exactly the same what they want to be or appear to be. So your collection , handling and storage of electronic media, paper documents, equipment and any other physical evidence can be challenged during adverse civil or criminal proceedings by an adversary.
To meet
…show more content…
In best evidence rule an original copy of document is considered as superior evidence. One of the rule says, if an evidence is readable by sight or reflect the data accurately such as any printout or data stored in a computer or similar devices or any other output is considered as ‘original’. It states that multiple copies of electronic files may be a part or equivalent to ‘original’. Electronic evidence collected is mostly transferred to different media so many computer security professional are heavily dependable on this rule.
At my organization, we define best evidence as the most complete copy or a copy which includes all necessary parts of evidence which is closely related to the original evidence. One of the best evidence is having the original evidence media. Let say a client has a copy of the original evidence media, then it is considered as best evidence. We treat our forensic duplication by considering it as best evidence. Therefore, when we say “best evidence” it is nothing but we refer to the evidence we have in our power.
• Original