Lawyers and computer forensic investigators have significantly different skills and perspectives, both of which are essential during cybersecurity incident response. The differences, however, can create friction and even conflict in setting priorities, communicating effectively and interpreting findings. In a two-part guest article series, Stephen Surdu, a senior advisor at Covington, and Jennifer Martin, of counsel at Covington, provide legal counsel with a better understanding of the focus of the forensic team in incident response, the various factors and evidentiary realities that may affect how an investigation is performed, and why response teams cannot always reach definitive conclusions. This first installment addresses investigative realities and how attorneys and forensic investigators can gain an understanding of each other’s perspectives and preemptively discuss any potential issues to be in the best position to address them efficiently during an incident and to provide the greatest value to their clients. See also our three-part series on forensic firms: “Understanding and Leveraging Their Expertise From the Start” (Feb. 22, 2017); “Key Contract Considerations and Terms” (Mar. 8, 2017); and “Effective Vetting and Collaboration” (Mar. 22, 2017).