ACT QUICKLY TO PRESERVE COMPUTER BASED EVIDENCE – Stop operating the computer(s) and engage a qualified computer forensic expert to perform a forensically valid collection.

ALLOW UNQUALIFIED INDIVIDUALS TO “INVESTIGATE” THE COMPUTER(S) IN QUESTION – Simply turning on a computer will destroy potentially critical evidence such as file time stamps and deleted data. Computer forensic examiners use specialized equipment and procedures to ensure this evidence is preserved.

CONSIDER ALL POTENTIAL SOURCES OF DIGITAL EVIDENCE - Other sources of evidence may include flash drives, CDs, DVDs, external drives, backup tapes, mobile phones, PDAs, digital cameras, gaming consoles, network shares, servers, perimeter system logs and provider records.

HIRE THE "CHEAPEST" COMPUTER FORENSIC EXPERT – The marketplace is full of Information Technology professionals that have arbitrarily labeled themselves as computer forensic "experts". These vendors often charge lower fees because they do not possess the expertise or equipment necessary to deliver complete and accurate results. Quality forensic services are not cheap - the real experts make very large investments in a variety of forensic hardware, software and training. If your case is important enough to hire an expert, make sure you engage the right one. (see FAQ on evaluating computer forensic experts)

SEND PRESERVATION REQUEST LETTERS -- If critical computer-based evidence is in the possession of other parties, immediately send letters requesting that all relevant electronically stored data be preserved.

DELAY IN CONSULTING AN EXPERIENCED COMPUTER FORENSIC EXPERT – Call BINARY INTELLIGENCE at 1-866-246-2794. A free consultation will help identify special situations and other sources evidence. Quality initial advice may be critical to the success of your case and reduce costs associated with processing digital evidence.