RE: Computer Forensics

From: Tyzenhaus, Laurie (Laurie.Tyzenhausat_private)
Date: Tue May 06 2003 - 07:34:11 PDT


    The PROCESS should be the starting point. Once the PROCESS is agreed upon,
    then the focus should be on the procedures and specific technologies.  Using
    the PROCESS as the guide, the procedures can be created by the specific
    platform experts and tested by the novices.  Consider adding the procedures
    as appendices.  We can't ignore the technology just because it is changing
    so fast.  
    
    I don't mean to imply that you folks write a book, but there should be enough
    technical detail in the procedures that they cannot be misinterpreted by
    anyone, whether lawyer, judge, technical or John-Q-Public.
    
    Laurie
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    First time posting, long time lurking ...
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    This is my opinion, and does not reflect the opinion of my employer.
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Laurie Tyzenhaus
    ISTP Technical Expert
    DOE - CH Office of Counterintelligence 
    9800 S. Cass Avenue
    Argonne, IL  60439
    Voice: 630-252-6773
    Email: Laurie.Tyzenhausat_private
    
    -----Original Message-----
    From: Ralph S. Hoefelmeyer [mailto:ralph.hoefelmeyerat_private] 
    Sent: Monday, May 05, 2003 10:48 PM
    To: Kruse, Warren G, II (Warren); 'Matías Bevilacqua-Brechbühler Trabado';
    'Jonathan A. Zdziarski'; 'yannick'san'; 'William Cimo';
    forensicsat_private
    Subject: RE: Computer Forensics
    
    
    Process
    
    Process is the glue that binds the procedures and the technology in a legal
    sense.  Develop a process. Match procedures to that process.  Match the
    current technologies to the procedures.  Develop methods to layer in new
    technologies as they appear.
    
    Technologies are changing at a very fast pace, and it will only get faster.
    We need to ensure the forensics process will provide a legally binding link
    between the procedures and the technologies that will withstand legal
    scrutiny. Part of this process will be a procedure for explaining complex
    technical issues in layman's terms to juries and/or judges with little
    technical knowledge.
    
    Ralph S. Hoefelmeyer, CISSP
    Senior Engineer, Cyborg
    MCI Strategic and Intelligent QA/Test
    719.535.4576 Office
    "Security is a process, not a product" : Bruce Schneier
    
    -----Original Message-----
    From: Kruse, Warren G, II (Warren) [mailto:wgkruseat_private]
    Sent: Monday, May 05, 2003 12:23 PM
    To: 'Matías Bevilacqua-Brechbühler Trabado'; 'Jonathan A. Zdziarski';
    'yannick'san'; 'William Cimo'; forensicsat_private
    Subject: RE: Computer Forensics
    
    
    Very true, that plus the technology changes so fast.  We fought that problem
    for two years when we were writing our computer forensics book.  You don't
    want it to be outdated before it hits the shelves.
    
    -wk
    
    Warren G. Kruse II, CISSP, CFCE
    Investigations Manager
    Lucent Technologies
    732-949-8713
    wgkruseat_private
    
    -----Original Message-----
    From: Matías Bevilacqua-Brechbühler Trabado [mailto:mbevilacquaat_private]
    Sent: Sunday, May 04, 2003 2:45 PM
    To: 'Jonathan A. Zdziarski'; 'yannick'san'; 'William Cimo';
    forensicsat_private
    Subject: RE: Computer Forensics
    
    > > Will it be only technical procedures or will it integrate some kind of
    > > process like "In case of a crisis situation" process?
    >
    > This is the heart of what annoys me about computer forensics books.  
    > They are excellent resources for methodology and procedure but are 
    > void of most any hands-on technical information.  It would be very 
    > nice to have a reference of hands-on technical information to consult 
    > when performing different types of forensics scenarios.
    
    This is because Computer Forensics depends so much on methodology and
    procedures. Both are critical for a successful Forensic process. I will be
    taking this into consideration when creating the survey I talked about,
    let's see what the rest of the community thinks about it.
    
    Regards,
    Matías Bevilacqua Trabado
    CYBEX ___________________________________________________________________
    PGP-ID: 0x40A4869F
    PGP Fingerprint: 2052 98A0 F0F0 2914 D7FA  4E7C 0488 7E8C 40A4 869F
    ___________________________________________________________________
    
    CYBEX
    Grupo Intelligence Bureau
    Rambla de Catalunya, 32 4º-2ª
    08007 Barcelona-SPAIN
    Tel. 93 215 53 23
    Fax. 93 215 50 72
    http://www.cybex.info
    
    
    
    



    This archive was generated by hypermail 2b30 : Thu May 08 2003 - 14:40:23 PDT