Describe the standardized defensible approach

Describe the standardized defensible approach/Macroeconomics

1. Describe the standardized defensible approach that is necessary to preserve evidence.
2. Briefly describe the objectives of an investigation to the corresponding chain of custody practices for acquiring and authenticating e-evidence.
3. Discuss effective methods for searching the vast amounts of digital data that are typically recovered in a computer forensics investigation.
4. Distinguish between a dead or postmortem analysis done in a trusted environment and a live analysis done in an untrusted environment (such as the crime scene itself).
5. Describe the operation of specific pieces of commercial forensics software for a variety of operating systems.
6. Describe the specialized types of computer forensics equipment, such as hard disk replicators, a forensics lab should have.
7. Briefly discuss the types of professional courses and certifications that are available to computer forensics personnel.
8. When a running computer is seized, it must be powered down for transport to the trusted environment of the forensics lab. Current practice is  to simply pull the plug, thereby preserving the operating system’s temporary files, which may have forensic value. Are there situations where this is an unwise move? What about temporary data being held in memory on a laptop computer?