Maintain Adequate Computer Forensic Processes

When conducting a cyber investigation, John Patzakis, a recognized authority on the admissibility and authentication of computer evidence in court, explains in his article Maintaining Forensic Processes Digital Chain of Custody that there are critical processes in computer forensics that should be remembered and followed. If they are not followed, the cyber investigation is in danger, because the court will not accept that the data collected is a mirror image of the original. When it is suspected that the subject data is not a mirror image of the original, it is difficult to determine who accessed the data last, which timestamps are valid, and what the exact location of the subject media is, because it is not clear whether it was the investigator or the suspect who manipulated the data. Patzakis talks about how the Sarbanes-Oxley Act (SOx) has helped encourage companies to retain data for at least six years, with severe penalties for those companies that violate this law. In the aftermath of the Enron and Arthur Andersen accounting scandals, SOx makes clear that companies will be financially punished for destroying electronic records such as company emails, correspondence and financial documents, sent or received, especially when an investigation or judicial proceeding is under way.

Four Major Forensic Processes

The four major forensic processes Patzakis recommends are physically checking the crime scene, recording all the details about your actions and the steps you took in the investigation, creating a mirror image of the subject's data, creating a hash that verifies the authenticity of the mirror image, and recording all the details using a recognized forensic software tool.
Chain of Custody

Recording all details of the actions and steps taken is what establishes a proper chain of custody, that is, documentation of who handled the evidence from the time of discovery until it is presented in court (Hayes, 26). The chain of custody shows exactly where the subject data is located on the media and how it is linked to the crime, who committed it and any unauthorized actions. Although many forensic software tools exist to record all the details of investigations, it is the paper reports used in trials that correspond to the crime scene, describing in great detail the precise events and times at which the crime was committed. In today's world, where computers are used everywhere, companies are finding that employees who have left the company may have engaged in corporate espionage or unauthorized activities. Companies are creating a mirror image of employees' hard drives when they leave the company in case an investigation is opened later. Creating a mirror image allows forensic professionals to "freeze time" in a snapshot for future archiving. Such a snapshot protects them with respect to SOx and limits their liability, such as claims against them for evidence corruption. Computer forensic software tools are vital in proving that an image is an exact copy of the original, through what is known as the "hashing" process, for example with the MD5 algorithm. Patzakis clarifies that investigators have different levels of experience, but when they follow his four processes, the investigation is more likely to be successful. All persons involved in cyber investigations should assume that they are involved in what will be presented in, 2014).
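The image-then-hash-then-document sequence described in the two sections above, as an added example that is not part of the original essay and not the code of any forensic tool it mentions. The "subject media" is a constructed byte string standing in for a drive read through a write blocker; the evidence id and examiner name are placeholders. Because MD5 collisions are practical today, the example records a SHA-256 digest alongside MD5, which is how current acquisition tools commonly verify an image; the verification only passes when every recorded digest of the image matches the source.

```python
import hashlib
import json
from datetime import datetime, timezone

# Constructed sample "subject media": stands in for a raw read of a
# write-blocked drive. Not real evidence.
SUBJECT_MEDIA = (
    b"MBR\x00" * 16
    + b"From: alice@example.test\r\nSubject: Q3 numbers\r\n\r\nSee attached.\r\n"
    + b"\x00" * 128
)

# MD5 is kept because many reports still quote it; SHA-256 is the one that
# actually resists a forged "matching" image.
ALGORITHMS = ("md5", "sha256")


def hash_bytes(data, algorithms=ALGORITHMS):
    """Return {algorithm: hexdigest} for the given bytes."""
    return {alg: hashlib.new(alg, data).hexdigest() for alg in algorithms}


def acquire_image(source):
    """Simulate a bit-for-bit (mirror) acquisition of the source media."""
    return bytes(source)


def verify_image(source, image):
    """Compare source and image digests; True only if every algorithm matches."""
    src = hash_bytes(source)
    img = hash_bytes(image)
    report = {
        alg: {"source": src[alg], "image": img[alg], "match": src[alg] == img[alg]}
        for alg in src
    }
    return all(entry["match"] for entry in report.values()), report


def custody_entry(evidence_id, action, handler, digests, notes="", when=None):
    """One chain-of-custody record: who did what to which evidence, and when."""
    timestamp = (when or datetime.now(timezone.utc)).isoformat()
    return {
        "evidence_id": evidence_id,
        "timestamp_utc": timestamp,
        "action": action,
        "handler": handler,
        "digests": dict(digests),
        "notes": notes,
    }


def document_acquisition(evidence_id, source, handler, when=None):
    """Seize, image, verify, and return the resulting chain-of-custody log."""
    image = acquire_image(source)
    ok, report = verify_image(source, image)
    image_digests = hash_bytes(image)
    chain = [
        custody_entry(evidence_id, "seized", handler, hash_bytes(source),
                      "drive attached via write blocker (constructed note)", when),
        custody_entry(evidence_id, "imaged", handler, image_digests,
                      "bit-for-bit image created", when),
        custody_entry(evidence_id, "verified", handler, image_digests,
                      "all digests match" if ok else "DIGEST MISMATCH", when),
    ]
    return {"verified": ok, "report": report, "chain": chain}


if __name__ == "__main__":
    # Placeholder evidence id and examiner name.
    result = document_acquisition("EV-PLACEHOLDER-0001", SUBJECT_MEDIA, "examiner (placeholder)")
    print(json.dumps(result, indent=2))
```

The chain entries carry the digests recorded at each step, so a later reader can see that the digest written at seizure is the same one confirmed at verification; if an image is altered after acquisition, `verify_image` reports which algorithm disagreed rather than only a bare failure.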