“Forensically Sound”. One of those phrases that is commonly used, misused, unused, and abused.

Disclaimer: This is my opinion, which is not a legal opinion. I call it Brett's Opinion. But along with that, I have identified, seized, analyzed, requested analysis, checked-in/out, transferred/assumed custody, and had entered into court cases thousands of items of evidence from electronic data to brain matter. This short post is to give my opinion on the use “forensically sound”. The reason I want to mention this is because I witnessed a DF expert state in public that capturing live (volatile) memory is not forensically sound because you can’t reproduce it or enter it as evidence. I think we must be careful about some things we say. In the most basic sense, any “thing” that is accepted by a court as evidence is forensically sound, since the court accepted the process used and admitted the "thing" as evidence. We get caught up when performing computer science work in digital forensics and tend to forget that every situation is a bit different from the next situation, in either minor or major ways. The general processes we use are similar for each situation, but of course we vary a little depending on what we come across. The situation we approach dictates how…