1. NIST Special Publication 800-61 Rev. 2, Computer Security Incident Handling Guide.
Section 3.3.3, Reporting to External Organizations: This guide explicitly states, "If an incident involves criminal activity, such as a threat from an attacker, the organization should report the incident to law enforcement. The organization should also consult its legal department regarding the incident." This directly supports the requirement to refer criminal acts to law enforcement.
2. Nelson, B., Phillips, A., & Steuart, C. (2019). Guide to Computer Forensics and Investigations (6th ed.). Cengage Learning. (A standard textbook in university computer forensics courses).
Chapter 1, Understanding the Digital Forensics Profession and Investigations, Section: "Private-Sector Investigations" (pp. 11-12): The text distinguishes between the two types of investigations, stating, "In private-sector investigations, you must follow company policy and guidelines... However, if your investigation uncovers evidence that a crime was committed, you must stop your investigation to make sure you don’t violate the rights of the suspect... At this point, your employer’s legal department and management should decide whether to involve law enforcement." This confirms the transition and referral process.
3. NIST Special Publication 800-86, Guide to Integrating Forensic Techniques into Incident Response.
Section 2.3, Interaction with Other Teams: This document discusses the necessary coordination between an incident response team and other entities, including law enforcement. It notes, "If it is possible that a crime has been committed, the organization should contact law enforcement... Law enforcement may then take over the investigation or provide guidance to the organization’s investigators." This reinforces that the discovery of a crime necessitates involving, and often deferring to, law enforcement, effectively making it a public-sector concern.