That no action take is taken that should change data held on a digital device including a computer or mobile phone that may subsequently be relied upon as evidence in court

Where a person finds it necessary to access original data held on a digital device that the person must be competent to do so and able to explain their actions and the implications of those actions on the digital evidence to a Court.

That a trail or record of all actions taken that have been applied to the digital evidence should be created and preserved. An independent third party forensic expert should be able to examine those processes and reach the same conclusion.

That the individual in charge of the investigation has overall responsibility to ensure that these principles are followed.

The evidence must prove that there is a conviction of guilty

Anything that happens on our network

Something that damages our network

Anything that triggers a response from our servers

Anything we believe might be on our network

Only items that are logged as harmful

Any event we know or suspect adverse to our network

Only something defined in our Response Plan