The forensic process
|Wikipedia has related information at Digital forensic process|
A digital forensic investigation usually consists of three main stages, and one preliminary stage (which is beyond the scope of this book). As you will see these stages have different requirements and technical skills - from attention to detail, through to technical skills and a good writing ability.
The seizure of evidence is considered largely outside the scope of this book; because it could be an entire book on its own. For the most part a forensic examiner will not be involved in seizures except in a technical capacity (i.e performing an on-site acquisition), however you do need to question where the evidence has come from.
Seizure of evidence can take many forms. From law enforcement using a court warrant through to a company "seizing" an employee's laptop. When conducting a forensic examination you are responsible for your actions, and if the material you are examining was illegally seized there could be serious consequences (even rising to the level of yourself being accused of computer crime!).
You must always be happy with the source of evidence, and that you are authorised to continue with an examination.
Where evidence has been seized by law enforcement it almost certainly has been done within procedure. If so, there are unlikely to be any problems for the examiner, because it is reasonable to assume that the police have done their job correctly.
For private work this consideration is much more important. If a company, for example, owns the digital device being examined then it is usually acceptable to examine. But if the device is the employees own this requires permission, or a court order. Whenever you are examining a piece of evidence question whether it belongs to the company, and if it does not ensure that the correct permission has been obtained.
||Some more extra details/advice on this topic are covered in Seizing digital media|