Discussion Topic 1; Securing a crime scene
Examine the "five steps" to the evidentiary process if the incident caused a severe outage. How does this process grain against the impulse of the IT Manager or Contingency Plan Coordinator? How does the Cyber Incident Response Plan (CIRP, NIST SP800-34) address this problem?
Discussion Topic 2; Understanding the exceptions
Review the U.S. Department of Justice document explaining the Fourth Amendment protections in context of preparing electronic evidence. What are some noteworthy issues, recommendations, observations, or comments you have regarding these exceptions?