Page 1362 - (ISC)² CISSP Certified Information Systems Security Professional Official Study Guide
P. 1362
Warrants must be specific in their scope. The warrant must
contain a detailed description of the legal bounds of the search
and seizure.
If investigators fail to comply with even the smallest detail of these
provisions, they may find their warrant invalidated and the results
of the search deemed inadmissible. This leads to another one of
those American colloquialisms: “He got off on a technicality.”
Conducting the Investigation
If you elect not to call in law enforcement, you should still attempt to
abide by the principles of a sound investigation to ensure the accuracy
and fairness of your inquiry. It is important to remember a few key
principles:
Never conduct your investigation on an actual system that was
compromised. Take the system offline, make a backup, and use the
backup to investigate the incident.
Never attempt to “hack back” and avenge a crime. You may
inadvertently attack an innocent third party and find yourself liable
for computer crime charges.
If in doubt, call in expert assistance. If you don’t want to call in law
enforcement, contact a private investigations firm with specific
experience in the field of computer security investigations.
Interviewing Individuals
During the course of an investigation, you may find it necessary to
speak with individuals who might have information relevant to your
investigation. If you seek only to gather information to assist with your
investigation, this is called an interview. If you suspect the person of
involvement in a crime and intend to use the information gathered in
court, this is called an interrogation.
Interviewing and interrogating individuals are specialized skills and
should be performed only by trained investigators. Improper
techniques may jeopardize the ability of law enforcement to
