Kali is a Debian-based Linux distribution tailored to forensic investigations, computer security and penetration testing. Installing Kali in a virtual machine avoids any potential damage to the host operating system and its files.
In any criminal investigation, tamper evident bags are used to collect evidence. In the UK, these bags have to meet specific government regulations in order to be admissible as evidence in court. In line with this, the UK government has published a good practice guide detailing how to use tamper evident bags (TEBs) correctly.
Forensic investigations normally take place within the framework of an incident and thus follow a common cycle of events. You suspect that an employee has found a way of intercepting emails from one of their colleagues. What would the incident lifecycle look like?
You suspect somebody of secretly using your computer and you want to perform a forensic investigation to prove it. The event log in Windows is an extremely useful tool and records huge amounts of system data.