Marian, I have been told that police in my area backup all information to CD after they have collected evidence. I don't like the idea of this because I have had CD's die on me after a few years. Mind you if stored correctly some people argue that they last forever, other people argue they do not. I am talking to some people in the library achieves to see what research they have done on this. My thought is pick a format and make sure you are able to support it for as long as possible. Try to avoid proprietary formats and that sort of thing. Risks can only be avoided if you know about them. Correct procedures and understanding and consistency help alot. Good document on this is: http://www.securityfocus.com/focus/ih/articles/crimeguide1.html http://www.cops.org/ under procedures has how to examine a hard drive. Untrained examiner, lack of documentation, in proper chain of custody, use of methods that are not transparent. Evidence must be authentic, accurate and complete. (sommers, 98) The document was written for my own personal understanding of the field. I want to use it so I can pick an area (one point for the document or a few) and delve deeper, perhaps do a masters. If you wish to pick any topic in the document I will gladly give you my point of view and even research it a little and give you answers. A new revision will be uploaded on the first week of July. No major changes just making the document more readable. BTW I have no practical experience in this field. I have been researching computer forensics for 6+ months now in my own time. I am a system administrator so I do have practical experience with how a computer works and different problems that might arise. Document in question can be found at http://www.fineartforum.org/staff/daniel Hope this helps a little. -Daniel At 02:18 PM 21/06/01 +0200, you wrote: >I think it is nice dokument! You defined a lot of problems in forensic >science. It is time to try to find solutions. > >For example: >section 1.2 Storage capacity: How to solve problem with media for disk >images? What is the best solution? Why? >What are the steps of disk imaging? What are the "forensic" risks of each >step? How is possible to eliminate this risks? > >Practically each chapter can evoke many questions. Let's try to find right >question and the answer will be more simple. > >Any experience? >____________________________________ >Marian Svetlik
This archive was generated by hypermail 2b30 : Fri Jun 22 2001 - 15:02:19 PDT