| |
But what if you have already
tried looking at the disk? Stop and leave the computer exactly
as it is, do not even turn it off or on. Confess to your forensic
specialist what you have done and let the practitioner work from
there. The worst course of action would be for you not to tell
the specialist, who eventually is called in to investigate the
matter, that you have accessed the disk!
A
Final Word
If a matter you are
working on has potential evidence on computer disks, we recommend
that you engage a qualified computer forensics professional as
early as possible. Not only can such professionals conduct the
proper investigation we have described herein, they can assist
with preparing and answering interrogatories, drafting language
for search warrants, and carrying out preliminary "stealth"
investigations to assess the potential evidence. In choosing a
computer forensic specialist, be certain too that your choice
not only knows how to conduct the disk acquisition and data retrieval,
but can also provide expert reports, depositions, and testimony.
Chosing a specialist who is qualified and experienced in all of
these matters will be more cost effective and will simplify the
coordination of professionals involved in preparing the case.
Published in
Louisiana Law Journal December 2002, used by permission
|
|
