RE: Future trends in computer forensics

From: Chris Budge (Chris@e-Crime.co.nz)
Date: Tue Oct 22 2002 - 17:04:40 PDT


    Hi,  Down in NZ I have had (2) large companies in the last ten days, who have
    links or major shareholders in the USA, require incident management plans
    which include a specific Computer Forensic response to enable evidence to be
    admissible in court.
    
    The IT staff produced a 'small' document which was immediately rejected by
    US legal staff.
    As such, we wrote a plan, including an external CIRT (Which included
    practice incidents) which shocked the IT and HR staff (Do not know
    CEO/Management response) but was accepted by the US.  The point really is
    that the premise of the IT staff is to fix the problem and the premise for
    CF specialists is to preserve, as previously stated on the list.
    
    Recent case, yes there are thousands worldwide, where the External IT
    consultant did not want a server (Power Edge) to be removed out of a
    third-party supplier's server room.  There was controlled access by 24/7 staff.
    The acquisition could only be completed over a network cable (due to other
    difficulties) which ran for 2 days.  At 0730 on the Monday morning the duty
    IT technician (not 24/7 staff) went in, disconnected the network cable and
    removed the floppy disk to restart the machine, without auth and without
    reference to the very big notice that said 'do not touch'.  I arrived 45 min
    later and had a fit and had to do it again (downtime for the client and the
    evidence to go to court).
    
    CF specialists need to impress upon the IT staff that the 'exhibit' is under
    our control for very good reason.  They should work within their knowledge
    base and respect ours.  As time goes by one hopes the professionalism of the
    CF trade will grow and the non-law enforcement needs be met.
    
    Chris Budge
    e-Crime (NZ) Limited
    Phone: +64-9-428 1413
    Fax: +64-9-428 1417
    Mobile: +64-21-270 9581
    Email: chrisat_private
           kiwiat_private
    Web: http://www.FighteCrime.co.nz
    



    This archive was generated by hypermail 2b30 : Sun Oct 27 2002 - 10:21:32 PST