Computer Forensics Expert Note: In the field of computer forensics, The preserving and authentication phase is critical to ensure the admissibility of evidence, should that become necessary. Perhaps, the most important consideration is that the original evidence must not change the during the acquisition process. For this reason, the forensic examiner must use forensically sterile new media. The examiner must also ensure that the forensic copy is an bit-by-bit copy. To authenticate properly, the examiner must perform three hashes: First hash the original evidence.