A serious incident occurred regarding theft of medical records. After the incident was near completion, law enforcement was brought in to review the collected evidence. The case eventually went to court. Unfortunately, the evidence provided by the computer security incident response team (CSIRT) was ultimately rejected, resulting in the case being thrown out. What was the likely cause of the evidence being rejected?
In this scenario, the most likely reason was that the evidence collection was mishandled. There is a very strict chain of custody involving evidence for cyber attacks such as this one. If the evidence is mishandled or does not go through the proper channels of authority as soon as the incident happens, then the evidence cannot be used in court. This is because the evidence becomes tainted and brings up many questions in court, such as whether it was planted, manipulated, or even removed from a crime scene, all of which can change the outcome of the case.