('binary' encoding is not supported, stored as-is) Mailer: SecurityFocus In-Reply-To: <4.3.2.7.2.20011107231915.0116b890at_private> Daniel, First let me say, great links! Very informative. After reading so many posts that refer to just tools (ie, Linux 'dd' vs. some other tool, etc), it's refreshing to see links that point to some of the really important aspects of forensics investigations...methodology and documentation. >I believe it has elements of both a science and a discipline I don't want to get into a quasi-religious flame war over semantics here, but I think that forensics is a bit of both science and discipline. It's part science, as Daniel pointed out, b/c of the requirements and methodologies used. It's also part discipline, again as Daniel pointed out, due to a need for research in the community...not only to expand the community's knowledge, but also to expand the individual's knowledge. Self-study and research are required of the individual, as well. Computer forensics has been seen (at least up until recently) as something of a 'black art', not unlike, say, penetration testing. However, any sufficiently advanced technology would appear as 'magic' to the uninitiated...refer to the '91 AF OSI case in which a 5 1/4 in. floppy was cut into 24 (23??) pieces with pinking shears, and yet the necessary evidence was recovered. At it's core, computer forensics is much like any other science, in that it requires knowledge and study, as well as detailed documentation of processes, methodologies, and evidence. Further, the methodologies are very important, particularly in court cases...the steps used must be reproduceable. >>3.Are there laws governing electronic evidence in US, and other countries > >Well yes. If you make a nice table can i get a copy : ) > Most definitely! With many companies having a global presence these days, such a resource would provide for easy reference. Carv ----------------------------------------------------------------- This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com
This archive was generated by hypermail 2b30 : Fri Nov 09 2001 - 05:55:18 PST