Knowing different types of hardware
Checking for unauthorized hardware
Keeping up-to-date with new trends in hardware devices
Knowing various operating systems
Knowing different types of filesystems
Identifying maintenance tools
Knowing legal rights and limits Forming an incident response team
Be prepared! This motto is especially true in the computer forensics field. In order to do a thorough job, a computer forensic investigator should know how the network under investigation is laid out, what devices are in use, what types of operating systems are installed, and what types of filesystems are being used. Most organizations have incident response teams that can help provide this information for forensic situations. As an investigator , you need to know your legal limits and be familiar with the laws of the locality where the crime was committed, as well as the laws where the perpetrator is located to be sure that any case you build will stand up in a court of law.
Most of the groundwork needed to build a case can be done ahead of time so that when the need arises, the task can be done more efficiently . This chapter guides you through these processes.