Common Evidence Collection Mistakes

Avoid these pitfalls during evidence collection:

  1. Running antivirus on evidence: May delete crucial artifacts
  2. Booting suspect systems: Alters timestamps and data
  3. Using original evidence for analysis: Always work on copies
  4. Poor documentation: Inadequate notes compromise investigations
  5. Breaking chain of custody: Gaps in documentation
  6. Improper tool usage: Using unvalidated or inappropriate tools
  7. Ignoring volatile evidence: Focusing only on disk images
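
Items 3 to 5 in practice, as an added example that is not part of the original page: a working copy is made, verified by hash against the original, write-protected, and recorded in a custody log. The function names, file names, examiner ID and JSON-lines log format are assumptions chosen for illustration, and the evidence file is a constructed stand-in.

```python
import hashlib
import json
import os
import shutil
import tempfile
from datetime import datetime, timezone

def sha256_file(path, chunk_size=1024 * 1024):
    """Hash a file in chunks so large images do not need to fit in memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()

def make_working_copy(original, copy_path, examiner, custody_log):
    """Copy evidence, verify the copy by hash, and append a custody record."""
    before = sha256_file(original)
    shutil.copyfile(original, copy_path)
    copy_hash = sha256_file(copy_path)
    # Re-hash the original as well, to confirm the copy step did not alter it.
    verified = before == copy_hash == sha256_file(original)
    # Clear the write permission bits on the working copy.
    os.chmod(copy_path, 0o440)
    record = {
        "time_utc": datetime.now(timezone.utc).isoformat(),
        "examiner": examiner,
        "original": os.path.abspath(original),
        "copy": os.path.abspath(copy_path),
        "sha256_original": before,
        "sha256_copy": copy_hash,
        "verified": verified,
    }
    # Append-only log: one JSON object per line, mismatches included.
    with open(custody_log, "a", encoding="utf-8") as log:
        log.write(json.dumps(record) + "\n")
    if not verified:
        raise ValueError("hash mismatch: do not analyse this copy")
    return record

def demo():
    # Constructed stand-in for an evidence image (not real case data).
    workdir = tempfile.mkdtemp()
    original = os.path.join(workdir, "evidence.img")
    with open(original, "wb") as fh:
        fh.write(b"constructed sample evidence bytes" * 1000)
    return make_working_copy(original, os.path.join(workdir, "work.img"),
                             "examiner-01", os.path.join(workdir, "custody.jsonl"))

if __name__ == "__main__":
    print(json.dumps(demo(), indent=2))
```

A failed verification is still written to the log before the exception is raised, so the record shows the attempt rather than leaving a gap.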