Forensic science can be defined as the application of scientific principles to legal matters. In an incident, CSIRT members may be called upon to perform analysis on digital evidence acquired during the incident, utilizing digital forensics tools, techniques, and knowledge. To make certain that the evidence is processed correctly and can subsequently be admitted into a courtroom, digital forensic examiners need to understand the legal issues along with the fine points of the digital forensic process.
In this chapter, we will examine the legal statutes that impact the CSIRT and digital forensics examiners as well as the rules that govern how evidence is admitted into court. To give context to actions taken, we will also explore the digital forensic process and finally address the infrastructure necessary to incorporate a digital forensics capability within...