Questions For Det. Palmer

- What can initiate an investigation?
    -  Do you handle the investigation differently based on how it was initiated?
    -  What background information do you need before going to the scene?

- What is the first step when coming to the scene of an investigation?

- what are the general steps you perform when taking control of the machine in question?
  - what do you do before you unplug?
  - how do you turn it off?
  - what do you document?

- what happens to the machine after you have it in custody?

- have you ever had the need for network-based evidence?

- do most of the machines you see have some sort of password protection on it?

- how do you guarantee that the data is not corrupted by forensic analysis?

- does your office do the analysis directly?

- what tools do you use to collect and analyze the data?

- what are your general steps to collect forensic data?

- What are some of the mistakes you've seen occuring when collection the data?

- What is the best way to assure that the evidence collected will be court admissible?

- what type of cases are the most difficult? why?

- do you approach different operating systems differently?

- how long does it take to complete a forensic analysis?