forensics: Assignment outline

From: daniel heinonen (d.heinonenat_private)
Date: Tue May 22 2001 - 17:20:12 PDT

  • Next message: Ryan Russell: "Re: Hard Drive Write Blocker"

    Hi all,
    
    Sorry to burden you all with my assignment again, however I thought if 
    anyone else was drafting talks or writing their own document
    some of this may come in handy.  When I finish my assignment on Friday I 
    will make it available.  I have directed this document to
    people outside the field as my experience is limited and this has been what 
    most other sites focus on.
    
    My main question would be with the broad topics I have listed below, are 
    there any, which people believe do not effect the work of
    computer forensics.  The other question would be is there anything major I 
    have left out.  I have a large amount of research material so I will be 
    backing these items up with examples.
    
    Volume of Information
             Rapidly increasing storage capacity
             Searching for evidence
             Evidence preservation
             Scope of seizure
    Technology advancements
             Increase in tools
             Increase in vulnerabilities
             Increasing awareness
             Changing environments
             Changing devices and scope of evidence
    Encryption
             Steganophy
             Assumption of guilt
             Reliance on user error
             Output of tools
    Authenticity
             Beyond reasonable doubt
             Multi users on one resource
             Administrator
             Integrity
             Company policies
    Integrity
             Sterile resources
             Proprietary tools
             Output of tools
             Output of computer generated records
             Checksum
             Output of encrypted files
    Time
             Court imposed limitations
             Time limitation of seizure may extend to examination
             Imaging of hard drive
             Distance between examination and court
             Technology changes
             Respond to crime in real time
    Finance
             Should encourage public to devise preventive technology
             Benefits of investigation
             High volume, low value offences
             Donated equipment
    Skilled examiners
             Training
             Private sector
             Money
             Sworn in or civilian
             Tech-lag
    Juridical boundaries
             Real time tracing
             Evidence admissibility
             Clearing houses
             Anomalies in law
             Extradition
             International treaties
             Multiple jurisdictions
    Legislation
             Storing of Illegal material
             Admissibility of evidence
             Hearsay
             Seizure of equipment
             Time
             Chain of custody
             Documentation
             Privacy
             Non sworn in investigators
    
    Many thanks,
    
    Daniel Heinonen
    



    This archive was generated by hypermail 2b30 : Wed May 23 2001 - 17:36:26 PDT