Pat
I've heard success stories from members of this community that
have done their time in court on the admittance of logical files and/or
printed versions of such files, usually emails. But, in the development
of standards we have gotten away from logical file approaches in favor of
processes that allow for repeatability. A full image increases court
confidence and can help if opposing counsel challenges your handling
methods.
I am confident that a large percentage of the members on this list
will agree that chain of evidence handling and a full image of digital
media are key in a national and international standard.
Thanks,
Matthew Brown, CISSP
pat.beardmoreat_private
07/03/2001 01:42 AM
To: forensicsat_private
cc:
Subject: Preview in Encase (or other package) rather than image
Before I give my own opinions, has anyone come across the practice of
previewing a drive and then taking off the relevant files rather than
doing
a full image.
Does anyone want to comment on the advantages and disadvantages of this
methodology?
thanks,
Patrick Beardmore
-----------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management
and tracking system please see:
http://aris.securityfocus.com
-----------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management
and tracking system please see:
http://aris.securityfocus.com
This archive was generated by hypermail 2b30 : Tue Jul 03 2001 - 14:12:25 PDT