Solved

Computer Forensic questions

Posted on 2011-09-16
5
405 Views
Last Modified: 2012-05-12
Hi

- What Tools would we take during stage of search and collect evidence to ensure the security of these evidence and they not tampered with?

- What is the important characteristics of digital evidences to be used in court proceedings?

thanks
0
Comment
Question by:ang3lus
5 Comments
 

Author Comment

by:ang3lus
ID: 36552856
One more question:

why forensic analysis of original devices is only done as a last resort?

thanks
0
 
LVL 82

Assisted Solution

by:Dave Baldwin
Dave Baldwin earned 90 total points
ID: 36553130
The most important part is that it be done by a trained and reputable technicians, possibly law enforcement personal, under a search warrant if necessary.  It would be the last resort because the devices must be confiscated to preserve the evidence.  For use in court, the "chain of custody" must be preserved and recorded.  http://en.wikipedia.org/wiki/Chain_of_custody

If you're serious about going to court, this is probably not a do-it-yourself thing.  You should talk to the police and maybe a lawyer before you take any action.  You wouldn't want to sabotage your own case.
0
 
LVL 5

Assisted Solution

by:ChopOMatic
ChopOMatic earned 80 total points
ID: 36553146
I second Dave"s comments. This is not a DIY undertaking.

One mistake can literally ruin your case. There are so many variables involved in answering your questions that I wouldn't know where to begin. Seek out qualified assistance.
0
 
LVL 61

Accepted Solution

by:
btan earned 250 total points
ID: 36553384
Forensic is more of a reactive means to sieve out evidence to aid the investigation establish more leads to join the dots in a case. Agree with both experts that for legally binding responsibility, you probably need to consult your enterprise legal. Technically, forensic is done on cloned version and not on the original device, but we also need to note that sometimes it may be even be live forensic acquisition to grab the volatile evidences.

http://www.csoonline.com/article/220718/how-to-keep-a-digital-chain-of-custody?page=1

Laws dealing with digital evidence are concerned with two issues: integrity and authenticity. Integrity is ensuring that the act of seizing and acquiring digital media does not modify the evidence (either the original or the copy). Authenticity refers to the ability to confirm the integrity of information.

The admissibility of digital evidence relies on the tools used to extract it. In the US, forensic tools are subjected to the Daubert standard, where the judge is responsible for ensuring that the processes and software used were acceptable.

http://en.wikipedia.org/wiki/Digital_forensics#Legal_considerations

The  National  Institute  of  Standards  and  Technology  (NIST)  has  a  dedicated  group working  on  Computer  Forensic  Tool  Testing  (CFTT).   They  develop  test methodologies for a category of tools and conduct tests using specific input cases.  The specification for disk imaging tools was published [15] and the tests were conducted on several different tools. More details and even some test findings on the tool can be found in the CFTT site

http://www.cftt.nist.gov/project_overview.htm

0
 
LVL 4

Assisted Solution

by:JohnDecker
JohnDecker earned 80 total points
ID: 36554067
^^Bang on - it's done on a clone with read only attributes so that things like date stamps don't get altered. Microsoft supply forensic software to LE around the world; love to get my hands on it..

If you try a DIY approach you'd get ripped to pieces in court.
0

Featured Post

Highfive Gives IT Their Time Back

Highfive is so simple that setting up every meeting room takes just minutes and every employee will be able to start or join a call from any room with ease. Never be called into a meeting just to get it started again. This is how video conferencing should work!

Join & Write a Comment

Nothing in an HTTP request can be trusted, including HTTP headers and form data.  A form token is a tool that can be used to guard against request forgeries (CSRF).  This article shows an improved approach to form tokens, making it more difficult to…
Big data transfers via information superhighways require special attention and protection. Learn more about the IT-regulations of the country where your server is located. Analyze cloud providers and their encryption systems for safe data transit. S…
Sending a Secure fax is easy with eFax Corporate (http://www.enterprise.efax.com). First, Just open a new email message.  In the To field, type your recipient's fax number @efaxsend.com. You can even send a secure international fax — just include t…
This tutorial demonstrates a quick way of adding group price to multiple Magento products.

757 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

21 Experts available now in Live!

Get 1:1 Help Now