
Computer Forensic questions

Posted on 2011-09-16
Last Modified: 2012-05-12
Hi

- What tools would we take during the stage of searching for and collecting evidence to ensure the security of this evidence and that it is not tampered with?

- What are the important characteristics of digital evidence to be used in court proceedings?

thanks
Question by:ang3lus
5 Comments
 

Author Comment

by:ang3lus
ID: 36552856
One more question:

Why is forensic analysis of original devices only done as a last resort?

thanks
0
 
LVL 84

Assisted Solution

by:Dave Baldwin
Dave Baldwin earned 360 total points
ID: 36553130
The most important part is that it be done by trained and reputable technicians, possibly law enforcement personnel, under a search warrant if necessary. It would be the last resort because the devices must be confiscated to preserve the evidence. For use in court, the "chain of custody" must be preserved and recorded. http://en.wikipedia.org/wiki/Chain_of_custody

If you're serious about going to court, this is probably not a do-it-yourself thing.  You should talk to the police and maybe a lawyer before you take any action.  You wouldn't want to sabotage your own case.
0
 
LVL 5

Assisted Solution

by:ChopOMatic
ChopOMatic earned 320 total points
ID: 36553146
I second Dave's comments. This is not a DIY undertaking.

One mistake can literally ruin your case. There are so many variables involved in answering your questions that I wouldn't know where to begin. Seek out qualified assistance.
0
 
LVL 65

Accepted Solution

by:
btan earned 1000 total points
ID: 36553384
Forensics is more of a reactive means to sieve out evidence to help the investigation establish more leads to join the dots in a case. Agree with both experts that for legally binding responsibility, you probably need to consult your enterprise legal. Technically, forensics is done on a cloned version and not on the original device, but we also need to note that sometimes it may even be a live forensic acquisition to grab the volatile evidence.

http://www.csoonline.com/article/220718/how-to-keep-a-digital-chain-of-custody?page=1

Laws dealing with digital evidence are concerned with two issues: integrity and authenticity. Integrity is ensuring that the act of seizing and acquiring digital media does not modify the evidence (either the original or the copy). Authenticity refers to the ability to confirm the integrity of information.

The admissibility of digital evidence relies on the tools used to extract it. In the US, forensic tools are subjected to the Daubert standard, where the judge is responsible for ensuring that the processes and software used were acceptable.

http://en.wikipedia.org/wiki/Digital_forensics#Legal_considerations

The National Institute of Standards and Technology (NIST) has a dedicated group working on Computer Forensic Tool Testing (CFTT). They develop test methodologies for a category of tools and conduct tests using specific input cases. The specification for disk imaging tools was published [15] and the tests were conducted on several different tools. More details and even some test findings on the tool can be found in the CFTT site.

http://www.cftt.nist.gov/project_overview.htm

0
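An added illustration of the integrity and chain-of-custody points in the answer above (not part of any poster's reply): a clone is compared to the original by SHA-256, and each custody record is hash-chained to the previous one so later edits are detectable. The actor names, timestamps and the in-memory "disk" are constructed sample values, and the record layout is an assumption, not a standard format.

```python
import hashlib
import io
import json

GENESIS = "0" * 64  # assumed starting value for the first record's prev_hash

def sha256_stream(stream, chunk_size=1 << 20):
    """Hash a binary stream in chunks so a large image need not fit in memory."""
    h = hashlib.sha256()
    for chunk in iter(lambda: stream.read(chunk_size), b""):
        h.update(chunk)
    return h.hexdigest()

def _digest(body):
    return hashlib.sha256(json.dumps(body, sort_keys=True).encode()).hexdigest()

def add_entry(log, actor, action, evidence_sha256, timestamp):
    """Append a custody record whose hash also covers the previous record's hash."""
    body = {"actor": actor, "action": action, "evidence_sha256": evidence_sha256,
            "timestamp": timestamp,
            "prev_hash": log[-1]["entry_hash"] if log else GENESIS}
    log.append({**body, "entry_hash": _digest(body)})

def verify_log(log):
    """Return the index of the first inconsistent record, or -1 if the chain holds."""
    prev = GENESIS
    for i, rec in enumerate(log):
        body = {k: v for k, v in rec.items() if k != "entry_hash"}
        if rec["prev_hash"] != prev or rec["entry_hash"] != _digest(body):
            return i
        prev = rec["entry_hash"]
    return -1

def demo():
    original = bytes(range(256)) * 64          # constructed stand-in for seized media
    clone = bytes(original)                    # bit-for-bit working copy
    altered = bytearray(clone)
    altered[100] ^= 0x01                       # a single flipped bit in the copy
    h_orig = sha256_stream(io.BytesIO(original))
    log = []
    add_entry(log, "examiner-A", "acquired image", h_orig, "2011-09-16T10:00:00Z")
    add_entry(log, "examiner-B", "received clone",
              sha256_stream(io.BytesIO(clone)), "2011-09-16T14:30:00Z")
    edited = [dict(r) for r in log]
    edited[0]["timestamp"] = "2011-09-15T10:00:00Z"   # back-dated after the fact
    return {"clone_matches": log[1]["evidence_sha256"] == h_orig,
            "altered_matches": sha256_stream(io.BytesIO(bytes(altered))) == h_orig,
            "log_ok": verify_log(log), "edited_log_bad_at": verify_log(edited)}

if __name__ == "__main__":
    print(demo())
```

The chain only shows that records were changed after they were written; the latest entry hash still has to be kept somewhere the record keeper cannot rewrite, such as a signed or witnessed copy.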
 
LVL 4

Assisted Solution

by:JohnDecker
JohnDecker earned 320 total points
ID: 36554067
^^Bang on - it's done on a clone with read-only attributes so that things like date stamps don't get altered. Microsoft supply forensic software to LE around the world; love to get my hands on it.

If you try a DIY approach you'd get ripped to pieces in court.
0
