Given that an employee, external hacker, etc. has made an attempt or entered your systems.
What would the minimum legal requirements be with regard to the collection of the
1. Forensics – Store all evidence on read-only media (CD/DVD, magnetic tape).
2. Print and authenticate all printable evidence, seal and enter into evidence.
3. Maintain historic records of logons and attempts, audit trails, etc., for how long?
What else, or how else, should one be prepared to gather and maintain enough evidence to build, maintain and win a case?