ABSTRACT
As you learned in earlier chapters, the techniques we use to collect, preserve, and analyze forensic computer evidence are critical ingredients in our investigative process. In this chapter, we will briefly review issues involving evidence collection, maintaining chain of custody, and marking evidence, so that we can testify to its source, condition, and custody from the time of its collection until it is used in a legal action. Unlike our other discussions of this topic, we will marry the theory to the practice using actual tools.
