When a BDUSMI deputy receives a cyber-related evidence request, how should they respond?

Handling cyber-related evidence requests requires following a formal, forensically sound process. The best approach is to coordinate with cyber forensics, preserve data integrity, document the request, and follow chain-of-custody procedures. This ensures the evidence is handled correctly from start to finish, remains admissible in court, and can be verified by others who audit the case. Refusing to document the request leaves no auditable record, making it hard to prove what was requested and when. Ignoring chain-of-custody and copying data illegally breaks the chain that proves evidence has not been altered and can render it unusable in court. Forwarding the request to IT without verification bypasses the specialized steps and safeguards required for forensic handling, risking improper collection or contamination of evidence.