Based on your approved case, create fictitious digital evidence. you may use logs from your own computer (no personal information) as a guide or search the internet for samples. these samples do not have to be technically correct, but there must be a reasonable presumption that this information would exist, supported by a reference. document who, when, and how the evidence was obtained. remember, you are creating fictitious examples, so refer to prior reading or examples of how digital evidence was collected. if necessary, refer to the "who" as a "systems administrator" and ensure the fictitious person is identified and referenced in your investigation. digital evidence must meet each of the following criteria: some of your digital evidence must be retrieved by computer forensics. some of your digital evidence must be retrieved from log files. digital evidence must contain information to support who, what, when, where, and how the cyber-crime was committed. present digital copies of your evidence in text files, screen shots, or pdfs.