Which of the following is not one of the four "Cardinal Rules" of Computer Forensics?

The option stating "Never document until all evidence is evaluated" is not one of the four "Cardinal Rules" of Computer Forensics because proper documentation is a crucial aspect of the forensic process and should be conducted throughout the entire investigation. In fact, thorough and accurate documentation should occur at every stage, including when evidence is collected, when it is analyzed, and as results are interpreted. This helps establish a clear chain of custody and ensures that any findings can be accurately communicated in a legal context.

The other principles focus on the integrity of the evidence and the methods used during an investigation. For instance, mishandling evidence can compromise its value, working on original evidence can lead to data loss or alteration, and mistrusting the subject's operating system is important as it could contain tampered or misleading information. These rules aim to maintain the credibility of the forensic process and the validity of the findings.