Re: Issues with computer forensics

From: daniel heinonen (d.heinonenat_private)
Date: Thu Jun 21 2001 - 21:20:01 PDT

    Marian,
    
    I have been told that police in my area back up all information to CD after
    they have collected evidence.
    
    I don't like the idea of this because I have had CDs die on me after a few
    years. Mind you, if stored correctly some people argue that they last
    forever, other people argue they do not. I am talking to some people in the
    library archives to see what research they have done on this. My thought is
    pick a format and make sure you are able to support it for as long as
    possible. Try to avoid proprietary formats and that sort of thing. Risks
    can only be avoided if you know about them. Correct procedures and
    understanding and consistency help a lot. Good document on this is:
    http://www.securityfocus.com/focus/ih/articles/crimeguide1.html
    
    http://www.cops.org/ under procedures has how to examine a hard drive.
    
    Untrained examiner, lack of documentation, improper chain of custody, use
    of methods that are not transparent.
    Evidence must be authentic, accurate and complete. (sommers, 98)
    
    The document was written for my own personal understanding of the field. I 
    want to use it so I can pick an area (one point for the document or a few) 
    and delve deeper, perhaps do a masters.  If you wish to pick any topic in 
    the document I will gladly give you my point of view and even research it a 
    little and give you answers.
    
    A new revision will be uploaded in the first week of July.  No major
    changes, just making the document more readable.
    
    BTW I have no practical experience in this field.  I have been researching 
    computer forensics for 6+ months now in my own time.  I am a system 
    administrator so I do have practical experience with how a computer works 
    and different problems that might arise.
    
    Document in question can be found at
    http://www.fineartforum.org/staff/daniel
    
    Hope this helps a little.
    
    -Daniel
    
    At 02:18 PM 21/06/01 +0200, you wrote:
    
    >I think it is a nice document! You defined a lot of problems in forensic
    >science. It is time to try to find solutions.
    >
    >For example:
    >section 1.2 Storage capacity: How to solve problem with media for disk
    >images? What is the best solution? Why?
    >What are the steps of disk imaging? What are the "forensic" risks of each
    >step? How is it possible to eliminate these risks?
    >
    >Practically each chapter can evoke many questions. Let's try to find the right
    >question and the answer will be more simple.
    >
    >Any experience?
    >____________________________________
    >Marian Svetlik
    



    This archive was generated by hypermail 2b30 : Fri Jun 22 2001 - 15:02:19 PDT