DIGITAL EVIDENCE TOOL BOX
- Allyson Shepherd
- 5 years ago
1 DIGITAL EVIDENCE TOOL BOX Toolbox Page 1 of 23
Introduction

This guide is meant to provide a basic understanding of the industry standards, best practices and practical applications for the use of digital evidence by legal professionals.

Purpose

The purpose of this guide is to assist the legal profession to achieve a standard level of knowledge about digital evidence and the need for rapid assessment, identification and preservation in accordance with the best practices, industry standards and the rules of evidence.

TABLE OF CONTENTS

- What is Digital Evidence
- Standards & Best Practices
- ISO Quality System for Digital Forensics
- Rules of Evidence Legal Standards
- Minimum Professional Standards
- Computer Forensics
- Audio/Video Evidence
- Mobile Device Forensics
- Call Detail & Cell Site Analysis
- Location Data Evidence
- Internet & Social Networking Evidence
- Retention Schedules & Sample Letters of Preservation
- Service Provider Subpoena Guide & Samples
- Discovery Motions & Samples
- Digital Evidence Work Sheets & Flow Charts
WHAT IS DIGITAL EVIDENCE?

Digital evidence is information stored or transmitted in binary form that may be relied on in court. Digital evidence has a wider scope, can be more personally sensitive, is mobile and requires different training and tools compared with physical evidence.

Types of Electronically Stored Information (ESI)

- Device Users
- Multi-media (photos, videos or audio files)
- Documents or spreadsheets
- Text messages
- Internet browsing history (searches, sites visited, typed addresses, bookmarks)
- Program files and Applications
- Deleted files and programs
- Encrypted files and folders
- File sharing
- Application data
- Social networking data
- Mobile device backups
- File metadata
Locations of Digital Evidence

- Computers
- Mobile devices
- Audio/Video systems
- Gaming systems
- Social networking sites
- Internet service providers

Common Digital Forensics Scenarios

- In criminal cases
- Theft of intellectual property such as customer lists or trade secrets
- Preservation orders/e-discovery
- Employment issues
- Fraud or embezzlement
- Inappropriate computer usage
- Divorce
- Loss of data

Data Integrity

Digital evidence should never be accessed, as this can change data such as dates and times. Operating a computer or accessing files can change the metadata and change the evidence. Steps should be taken to ensure the integrity of the data acquired; this may include one or more of the following:

- Hash values (e.g., MD5, SHA-1 and SHA-256)
- Stored on read-only media (e.g., CD-R and DVD-R)
- Sealed in tamper-evident packaging

Metadata

Metadata is data that describes data. File metadata may be stored on the media or device which contains the file or within the file itself. Examples of metadata are creation dates/times, author, file name, and the path or location of the file. Metadata is usually created automatically by the operating system of the device on which the file was created or in some cases may be input by the user.
Commercial Forensic Software

Tested and reviewed commercial software technology solutions have been developed and designed to preserve digital evidence in its original form and to authenticate it for admissibility in court.

Forensic Data Acquisition

The investigation of digital evidence begins with the preservation of evidence through the forensic acquisition process. The purpose of the forensic acquisition process is to create a verified forensic copy of the electronic data to be examined. Methods of acquiring evidence should be forensically sound and verifiable; method deviations shall be documented.

Assessment

Forensic examiners assess digital evidence with respect to the scope of the case to determine the course of action to take.

Acquisition

Examination is best conducted on a copy of the original evidence. The original evidence should be acquired in a manner that protects and preserves the integrity of the evidence.

Examination

The purpose of the examination process is to extract and analyze digital evidence. Extraction refers to the recovery of data from its media.

Analysis

The interpretation of the recovered data displayed in a logical and useful format.
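The Data Integrity and Forensic Data Acquisition passages above rely on hash values to show that a forensic copy matches the original. The following is an added example, not part of the original guide or any tool it describes: it hashes a source and its copy with the three algorithms the guide names and produces a verification record. The file names and the sample data are constructed for illustration.

```python
import hashlib
import json
import os
import tempfile
from datetime import datetime, timezone

ALGORITHMS = ("md5", "sha1", "sha256")  # the hash types named in the guide


def hash_file(path, algorithms=ALGORITHMS, chunk_size=1024 * 1024):
    """Read the file once, in chunks, and return {algorithm: hex digest}."""
    hashers = {name: hashlib.new(name) for name in algorithms}
    with open(path, "rb") as fh:  # opened read-only: the source is never written to
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            for hasher in hashers.values():
                hasher.update(chunk)
    return {name: hasher.hexdigest() for name, hasher in hashers.items()}


def acquisition_record(source_path, copy_path):
    """Compare source and copy; return a record suitable for case documentation."""
    src = hash_file(source_path)
    dst = hash_file(copy_path)
    return {
        "verified_utc": datetime.now(timezone.utc).isoformat(timespec="seconds"),
        "source": {"size": os.path.getsize(source_path), "hashes": src},
        "copy": {"size": os.path.getsize(copy_path), "hashes": dst},
        "mismatched_algorithms": [a for a in ALGORITHMS if src[a] != dst[a]],
        "verified": src == dst,
    }


def demo():
    """Constructed sample: one faithful copy and one copy with a single bit changed."""
    with tempfile.TemporaryDirectory() as tmp:
        source = os.path.join(tmp, "evidence.img")       # hypothetical file names
        good_copy = os.path.join(tmp, "copy_good.img")
        altered_copy = os.path.join(tmp, "copy_altered.img")

        data = bytes(range(256)) * 4096                   # 1 MiB of constructed data
        altered = bytearray(data)
        altered[500_000] ^= 0x01                          # flip one bit, same file size

        for path, content in ((source, data), (good_copy, data),
                              (altered_copy, bytes(altered))):
            with open(path, "wb") as fh:
                fh.write(content)

        return (acquisition_record(source, good_copy),
                acquisition_record(source, altered_copy))


if __name__ == "__main__":
    for record in demo():
        print(json.dumps(record, indent=2))
```

The altered copy has the same size as the source, so a size check alone would pass; only the hash comparison shows that it is not a verified copy.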
Documenting and Reporting

Actions and observations should be fully documented throughout the forensic process.

Digital Forensic Discipline

The American Academy of Forensic Sciences (AAFS) identifies digital forensics as a forensic science and the processes of all forensic sciences are fundamentally the same: Detection, Preservation, Collection, Examination, Analysis and Reporting.

Each phase in the process must be performed in such a manner so as to preserve the integrity of the evidence and assure its admissibility.

Pursuant to the best practices and industry standards, the examination of digital evidence should be conducted in accordance with a quality management system such as ISO

For more information see the sections on Standards & Best Practices and ISO Quality System
STANDARDS & BEST PRACTICES

These guides establish recommendations for how law enforcement and crime scene investigators should handle digital evidence. Evidence on cell phones, computers and other electronically stored information can be changed or destroyed if proper techniques are not used to forensically analyze the data.

The prevailing governing standards are set forth by the Scientific Working Group on Digital Evidence (SWGDE) and the National Institute of Justice (NIJ).

Notes

- Digital evidence is easily altered or destroyed.
- Preservation of digital evidence is time sensitive.
- Each phase in the process must be performed in such a manner so as to preserve the integrity of the evidence and assure its admissibility.
- The examination of digital evidence should be conducted in accordance with the best practices and a quality management system such as ISO

For more information see the section on Standards & Best Practices
ISO QUALITY SYSTEM FOR DIGITAL FORENSICS

Digital forensics is defined as a subset of the forensic discipline known as Digital and Multimedia Evidence, which involves the scientific examination, analysis and evaluation of digital evidence in legal matters. This includes acquiring and preserving digital evidence in any form, as well as analyzing computers, personal digital assistants, tablets, cellular telephones and other digital devices with a processor.

The standards outlined in this document were derived from digital forensics standards and guidance published by the Scientific Working Group on Digital Evidence, the National Institute of Justice, the Department of Justice Computer Crime and Intellectual Property Section, and the National Research Council. The CIGIE Quality Standards for Investigations, Federal Rules of Evidence, and case law were also referenced.

International Organization for Standardization - ISO

ISO is an independent, non-governmental international organization that sets specifications for products, services and systems, to ensure that they follow statutory and regulatory requirements related to a product or program quality, safety and efficiency.

Pursuant to the best practices and industry standards, the examination of digital evidence should be conducted in accordance with a quality management system such as ISO

Notes

- Written quality manual.
- Written technical procedures.
- Documented equipment testing, calibration and validation.
- Documented examiner proficiency.

For more information see the section on ISO Quality System
RULES OF DIGITAL EVIDENCE LEGAL STANDARDS

Before accepting digital evidence, a court will determine if the evidence is relevant, whether it is authentic, if it is hearsay and whether a copy is acceptable or the original is required.

Many courts in the United States have applied the Federal Rules of Evidence to digital evidence in a similar way to traditional documents. Digital evidence tends to be more voluminous, more difficult to destroy, easily modified and time sensitive. Some courts have sometimes treated digital evidence differently for purposes of authentication, hearsay, the best evidence rule and privilege.

Reliability Concerns

A common attack on digital evidence is that digital media can be easily altered. However, in 2002 a U.S. court ruled that "the fact that it is possible to alter data contained in a computer is plainly insufficient to establish untrustworthiness." (U.S. v. Bonallo, 858 F.2d Court of Appeals, 9th).

Authentication Concerns

Federal Rules of Evidence 902 shows 12 non-exclusive methods that can be used for self-authentication of digital evidence.

For more information see the section on Rules of Evidence Legal Standards
MINIMUM PROFESSIONAL STANDARDS

Although legal professionals dealing with digital evidence do not need to be able to convert decimals into hexadecimals or understand hash values, they must possess a basic knowledge of how data is stored on electronic media so that they can ask questions that will identify all sources of relevant information, develop viable plans and protect the interests of their clients.

It is the responsibility of legal professionals dealing with digital evidence to be sufficiently knowledgeable to object competently to faulty evidence. Laying a proper foundation, qualifying the expert witness, and directing a competent line of questioning all rely heavily on the computer literacy of the lawyers involved.

Basic Computer Literacy

This includes an understanding of computers. This knowledge will enable lawyers to establish proper foundation and a proper line of questioning.

Understanding of the Digital Forensics Process

This includes basic knowledge of how easily digital evidence can be altered and what it means to have a proper chain of evidence, including storage and control. There should be sufficient knowledge of how evidence is collected on a computer hard drive (and on a network), how a hard drive is appropriately duplicated for forensic purposes and then searched by forensic tools. Digital evidence, by its very nature, is fragile and can be altered, damaged, or destroyed by improper handling or examination.

Federal Rules of Evidence and How They Apply to Electronic Evidence

The Federal Rules of Evidence are integral to understanding the process for admitting digital evidence.

Survey of Case Law

A thorough survey of other cases will provide an even more comprehensive understanding of the state of the practice regarding digital evidence as well as the understanding that the burden of ensuring digital evidence admissibility rests largely on objections to such evidence by opposing counsel.
COMPUTER FORENSICS

In many ways, computerized evidence must be dealt with the same way as any other type of evidence. It is subject to the same need for inspection, the same chain of custody requirements, and the same rules of admissibility. Counsel has to inspect computerized evidence as carefully as they would a stack of documents that were seized as evidence or any other type of physical evidence.

Types of Data

- Users
- Multi-media (photos, videos or audio files)
- Documents or spreadsheets
- Internet browsing history (searches, sites visited, typed addresses)
- Program files
- Deleted files
- Deleted programs
- Encrypted files and folders
- File sharing
- Application data
- Social networking data
- Mobile device backups
- Financial records
- File metadata
Notes

- Computer evidence is time sensitive and rapid assessment, identification and preservation is recommended.
- The amount of data recovered through the forensic process from one computer is enormous, but examiners can narrow the parameters to create a more manageable amount of data to examine.
- Although more cases now involve mobile devices, computers sometimes hold backed-up images of a user's mobile device, making them a valuable source of data that should not be overlooked.

For more information see the section on Computer Forensics
AUDIO/VIDEO EVIDENCE

Digital audio and/or video recordings may be recoverable by forensic tools if the examination is conducted before the data is overwritten or permanently deleted by the device operating system. Poor quality recordings can be enhanced using accepted methods and technology.

Common Sources of Audio & Video Evidence

- Cell phone video
- Social media
- Digital surveillance camera system
- Voice mail recordings
- 911 dispatch recordings
- Police recorded witness interviews

Notes

- System time and date could be incorrect.
- Videos copied at a different frame rate could drop frames.
- Videos copied at a different aspect ratio could distort the image.
- Videos should be obtained in native format with proprietary player.
- A second copy should also be obtained in a universal format.

For more information see the section on Audio/Video
MOBILE DEVICE FORENSICS

Obtaining digital evidence from mobile devices can present many challenges in conducting forensically sound investigations in this constantly evolving field. Early identification of sources of evidence, not only from the device itself, but from other sources such as service providers, cloud sources and backup files can result in the successful preservation of key evidence. The best practices require rapid assessment, proper handling and preservation to prevent the permanent loss of data in cases involving all digital evidence.

Types of Data

- Device users, settings, languages and time zone information
- Contacts, calendar,
- Multi-media (photos, videos or audio files)
- Location data: GPS and Cell networks
- MMS (Multimedia Message Service) and SMS (Short Message Service) text messages
- Internet browsing history (searches, sites visited, typed addresses)
- Installed Applications and app file system data
- Deleted files and programs
- Encrypted files and folders
- Social networking data
- Mobile device backup information (tethering information)
- Financial records
- File metadata
- Wi-Fi networks
- Connected Bluetooth devices
Non-Digital Evidence

Other forms of evidence are generated from mobile devices. They may be used to validate forensic results, such as provider billing records, or to show location, such as historic cell site analysis. Internet service providers are also a possible source of related non-digital evidence.

For more information see the sections:

- Mobile Devices
- Call Detail & Cell Site Analysis
- Location Data
- Retention Schedules
- Subpoena Guide & Samples
CALL DETAIL & CELL SITE ANALYSIS

Location data is collected by obtaining historical call detail records from the cellular carrier along with a listing of the cell site locations for that carrier. This data is then analyzed for the purpose of generally placing a cell phone in a location on a map. Often historical cell site records only indicate the date, time and duration of calls, whether calls are inbound or outbound and show the originating and terminating cell sites for calls received or placed on the phone.

Notes

- No published principles or methods governing the estimation of cell site coverage area.
- Many factors determine which site a device connects to, not necessarily the closest or strongest.
- All sites do not provide the same range and coverage can vary due to changing environmental factors.
- Locations identified by circles or pie shapes, bolstered by expert testimony, give an incorrect impression.
- Service provider propagation maps may not reflect the state of the network during the exact time frame in question due to many changing variables.
- The data retention periods vary between the service providers and data types.

For more information see the section on Call Detail & Cell Site Analysis
LOCATION DATA

Location information from mobile devices is typically obtained using the following:

1. Cell Ping or triangulation may be used to determine the phone's real time location.
2. Stingray device may be used to determine the phone's real time location and intercept its information.
3. Wi-Fi - Bluetooth tracking is short range tracking (such as within the same room or the same building) and can be highly accurate, but needs to be turned on.
4. Applications and web browsing used by a mobile device determine location, often using GPS, and display the position on the map. The data is saved in the device as well as on the user's account profile.
5. Global Positioning System is based on satellites, which are considered extremely accurate, but weather conditions could affect accuracy.
6. Malware on the phone could read private data on the device or activate the device's sensors such as microphone, camera, and GPS.
7. Historic call detail records can only narrow location to the geographic coverage area of the originating and terminating cell sites, rather than pinpoint the specific location of the cell phone.

For more information see the section on location data
INTERNET AND SOCIAL NETWORKING EVIDENCE

The internet and social media are not only useful in family and criminal litigation, but can influence personal injury, workers' compensation, product liability, commercial litigation and employment cases.

Some Examples of These Sites Include:

- Social networks such as Facebook and LinkedIn
- Blog sites such as Twitter and WordPress
- File sharing sites such as YouTube, Pinterest, Tumblr, Instagram and Flickr
- Activity and review sites such as Foursquare and Yelp
- Web based such as AOL, Gmail and Yahoo Mail

Preservation Considerations

- It is dynamic and can change with usage.
- It can be deliberately destroyed or altered.
- It can be altered due to improper handling and storage.

When it comes to admission of social media evidence it appears that the key issue for the court is a fear of fabrication.

Notes

- Rapid identification, assessment and preservation are the first steps in using internet social media evidence.
- A defined set of best practices and industry standards exists governing the preservation and analysis of internet and social media evidence.
- If information can be accessed through public means without deceptively requesting the information from the individual or one of the individual's friends, it is fair use.

For more information see the section on Internet and Social Networking Evidence
RETENTION SCHEDULES-SAMPLE LETTERS

Service Provider Records

- Subscriber Information
- Call Detail Records
- Cell-Site Locations

Call Detail Retention

The retention periods vary between the service providers and data types. A complete copy of the retention schedule is available in the Digital Evidence Toolbox/Retention Schedule-Sample Letters.

Letters of Preservation

May extend the retention period for 90 days and be extended.

Notes

- Rapid identification, assessment and preservation are the first steps in obtaining service provider records.
- Retention periods vary by provider and data type.

For more information see the section on Retention Schedules-Sample Letters
SUBPOENA GUIDE & SAMPLES

An up to date guide for issuing subpoenas to internet and cell phone service providers; includes samples.

Notes

- Establish ownership of a device.
- Authentication and Admissibility.

For more information see the section on Subpoena Guide & Samples.
DISCOVERY MOTIONS & SAMPLES

Contents

- Recommended Language - Motion for Discovery of Audio & Video Evidence
- Recommended Language - Motion for Discovery of Computer Evidence
- Recommended Language - Motion for Discovery of General Digital Evidence
- Recommended Language - Motion for Discovery of Mobile Device Evidence

Notes

- Industry standards recommend that a full report and copy of the original evidence file and proprietary file viewer be requested.
- Rapid assessment, identification and preservation are the first steps in obtaining service provider records.
- If information can be accessed through public means without deceptively requesting the information from the individual or one of the individual's friends, it is fair use.

For more information see the section on Discovery Motions & Samples
WORKSHEETS & FLOW CHARTS

Contents

1. Rapid Assessment Guide For Cell Phone Evidence Preservation
2. Levels of Mobile Device Acquisition
3. NIJ Collecting Digital Evidence Flow Chart
4. Sample Consent To Search Form

Digital Evidence Toolbox: For more information see the section Worksheets & Flow Charts.
For more information on digital forensics and digital evidence, call now and speak with a certified expert. IRIS LLC is available 24 hours in emergency cases.

Toll-free: irisllc@irisinvestigations.com
More informationPolicy Summary: This guidance outlines ACAOM s policy and procedures for managing documents. Table of Contents
Policy Title: Approved By: ACAOM Commissioners History: Policy Implementation Date: 28 October 2016 Last Updated: Related Policies: ACAOM -Records Retention Schedule References: Responsible Official: ACAOM
More informationEXAM PREPARATION GUIDE
When Recognition Matters EXAM PREPARATION GUIDE PECB Certified ISO 9001 Lead Auditor www.pecb.com The objective of the PECB Certified ISO 9001 Lead Auditor examination is to ensure that the candidate possesses
More informationAAPA. Legal Issues and Record Retention. SML, Inc. Steve M. Lewis, President and CEO
AAPA Legal Issues and Record Retention May 15, 2013 SML, Inc. Steve M. Lewis, President and CEO 813.205.2850 stevemlewis@msn.com www.smlinfo.net TABLE OF CONTENTS Page CORPORATE OR PUBLIC RECORDS 3 Copy
More informationEXAM PREPARATION GUIDE
When Recognition Matters EXAM PREPARATION GUIDE PECB Certified Management System Auditor www.pecb.com The objective of the PECB Certified Management System Auditor examination is to ensure that the candidates
More informationDuncanPowell RESTRUCTURING TURNAROUND FORENSIC
Forensic Technology and the Cloud DuncanPowell RESTRUCTURING TURNAROUND FORENSIC 12 October 2017 DucanPowell Forensic Team Peter Lanthois Partner Office: (08) 8223 8107 Mobile: 0407 258 959 Email: planthois@duncanpowell.com.au
More informationPresenter Name. Date
Presenter Name Date Smartphone Forensics! Henry E. Saint-Fleur Antenna NFC microchip Presenter Name Date Smartphone Forensics Background Henry Saint-Fleur! Background! Computer Science / Network Administration
More information25 ESI and E-Discovery Terms. (in 75 minutes!) for Mediators
25 ESI and E-Discovery Terms (in 75 minutes!) for Mediators chopkins@mcdonaldhopkins.com Christopher Hopkins M c D o n a l d H o p k i n s L L C W e s t P a l m B e a c h Lawyer, mediator, and arbitrator.
More informationDIGITAL FORENSICS FORENSICS FRAMEWORK FOR CLOUD COMPUTING
17.09.24 DIGITAL FORENSICS FORENSICS FRAMEWORK FOR CLOUD COMPUTING FORENSICS FRAMEWORK FOR CLOUD COMPUTING OUTLINE Abstract Introduction Challenges in cloud forensics Proposed solution Conclusion Opinion
More informationMichael McCartney, President
Michael McCartney, President Litigation Landscape Computer Forensics Overview Forensic Data vs. Non-Forensic Dangers of Hard Drives Forensic Process HR Escrow Proactive Forensics Pit falls to avoid 1 650
More informationForensic analysis with leading technology: the intelligent connection Fraud Investigation & Dispute Services
Forensic Technology & Discovery Services Forensic analysis with leading technology: the intelligent connection Fraud Investigation & Dispute Services Forensic Technology & Discovery Services EY s Forensic
More informationInformation Security Incident Response Plan
Information Security Incident Response Plan Purpose It is the objective of the university to maintain secure systems and data. In order to comply with federal, state, and local law and contractual obligations,
More informationIncident Response Data Acquisition Guidelines for Investigation Purposes 1
Incident Response Data Acquisition Guidelines for Investigation Purposes 1 1 Target Audience This document is aimed at general IT staff that may be in the position of being required to take action in response
More informationSECURITY & PRIVACY DOCUMENTATION
Okta s Commitment to Security & Privacy SECURITY & PRIVACY DOCUMENTATION (last updated September 15, 2017) Okta is committed to achieving and preserving the trust of our customers, by providing a comprehensive
More informationSAMPLE LITIGATION HOLD NOTICES
Business & Litigation Support ediscovery: COLORADO RULES, CASE LAW & SAMPLE LITIGATION HOLD NOTICES HTTPS://SHOLLEREDWARDS.COM/LITIGATION-AND-SUPPORT/ 1.855.649.5884 CONTENTS Litigation Trigger... 3 Scope
More information"Charting the Course... Certified Information Systems Auditor (CISA) Course Summary
Course Summary Description In this course, you will perform evaluations of organizational policies, procedures, and processes to ensure that an organization's information systems align with overall business
More informationRetention & Archiving Policy
Retention & The IES has a responsibility to look after the personal data we collect, including information about our members, employees, event attendees and people browsing our websites. As outlined in
More informationGuide to Computer Forensics and Investigations Fourth Edition. Chapter 2 Understanding Computer Investigations
Guide to Computer Forensics and Investigations Fourth Edition Chapter 2 Understanding Computer Investigations Objectives Explain how to prepare a computer investigation Apply a systematic approach to an
More informationScientific Working Group on Digital Evidence
The version of this document is in draft form and is being provided for comment by all interested parties for a minimum period of 60 days. SWGDE encourages stakeholder participation in the preparation
More informationUniversity Policies and Procedures ELECTRONIC MAIL POLICY
University Policies and Procedures 10-03.00 ELECTRONIC MAIL POLICY I. Policy Statement: All students, faculty and staff members are issued a Towson University (the University ) e-mail address and must
More information716 West Ave Austin, TX USA
Fundamentals of Computer and Internet Fraud GLOBAL Headquarters the gregor building 716 West Ave Austin, TX 78701-2727 USA TABLE OF CONTENTS I. INTRODUCTION What Is Computer Crime?... 2 Computer Fraud
More informationWHITE PAPER. Distribution Substation Outage Investigations. Overview. Introduction. By Ahmad Shahsiah, Ph.D., P.E. March 2018
WHITE PAPER Distribution Substation Outage Investigations By Ahmad Shahsiah, Ph.D., P.E. March 2018 Overview Electrical distribution systems in the United States served approximately 152 million customers
More informationEXAM PREPARATION GUIDE
When Recognition Matters EXAM PREPARATION GUIDE PECB Certified ISO 22000 Lead Auditor www.pecb.com The objective of the Certified ISO 22000 Lead Auditor examination is to ensure that the candidate has
More informationDigital Evidence: I know it s there, how do I get it?
: I know it s there, how do I get it? January 24, 2019 Matthew Rollins Senior Assistant District Attorney Paulding County Judicial Circuit Josh Reed Network Intrusion Forensic Analyst United States Secret
More information3/13/2018. Legal Hold Notices, the Duty to Preserve, and Electronically Stored Information ( ESI ) What is Electronically Stored Information ( ESI )?
Legal Hold Notices, the Duty to Preserve, and Electronically Stored Information ( ESI ) What Every In-House Attorney Needs to Know Presented by Mike Seitz, Attorney at Spencer Fane LLP March 14, 2018 What
More informationEXAM PREPARATION GUIDE
When Recognition Matters EXAM PREPARATION GUIDE PECB Certified OHSAS 18001 Lead Auditor www.pecb.com The objective of the PECB Certified OHSAS 18001 Lead Auditor examination is to ensure that the candidate
More informationFEATURES & BENEFITS. Key word search function both inside and outside projects. Intuitive application makes creating profiles quick and easy
R2S Forensic provides R2S software and media support capabilities that assist in effective law enforcement, criminal investigation and public protection. We work with police forces, legal bodies, government
More informationData Inventory and Classification, Physical Devices and Systems ID.AM-1, Software Platforms and Applications ID.AM-2 Inventory
Audience: NDCBF IT Security Team Last Reviewed/Updated: March 2018 Contact: Henry Draughon hdraughon@processdeliveysystems.com Overview... 2 Sensitive Data Inventory and Classification... 3 Applicable
More informationAirplane mode Android app application Back key bandwidth
1G First-generation analog wireless telephone technology. 2G Second-generation wireless technology, the first digital generation and the first to include data services. 3G Third-generation wireless telephone
More informationCertified Information Systems Auditor (CISA)
Certified Information Systems Auditor (CISA) 1. Domain 1 The Process of Auditing Information Systems Provide audit services in accordance with IT audit standards to assist the organization in protecting
More informationA B C D E F G H I J K L M N O P Q R S T U V W X Y Z
This glossary provides definitions of terms and acronyms that are used in Premier as well as informative industry terms. Select the first letter of the word you want to find. A B C D E F G H I J K L M
More informationANALYSIS AND VALIDATION
UNIT V ANALYSIS AND VALIDATION Validating Forensics Objectives Determine what data to analyze in a computer forensics investigation Explain tools used to validate data Explain common data-hiding techniques
More informationEXAM PREPARATION GUIDE
When Recognition Matters EXAM PREPARATION GUIDE PECB Certified ISO/IEC 20000 Lead Auditor www.pecb.com The objective of the Certified ISO/IEC 20000 Lead Auditor examination is to ensure that the candidate
More informationPayThankYou LLC Privacy Policy
PayThankYou LLC Privacy Policy Last Revised: August 7, 2017. The most current version of this Privacy Policy may be viewed at any time on the PayThankYou website. Summary This Privacy Policy covers the
More informationEXAM PREPARATION GUIDE
EXAM PREPARATION GUIDE PECB Certified ISO/IEC 17025 Lead Auditor The objective of the PECB Certified ISO/IEC 17025 Lead Auditor examination is to ensure that the candidate possesses the needed expertise
More informationComputer Forensics US-CERT
Computer Forensics US-CERT Overview This paper will discuss the need for computer forensics to be practiced in an effective and legal way, outline basic technical issues, and point to references for further
More informationPrivacy Statement. Your privacy and trust are important to us and this Privacy Statement ( Statement ) provides important information
Privacy Statement Introduction Your privacy and trust are important to us and this Privacy Statement ( Statement ) provides important information about how IT Support (UK) Ltd handle personal information.
More informationRecords Management and Retention
Records Management and Retention Category: Governance Number: Audience: University employees and Board members Last Revised: January 29, 2017 Owner: Secretary to the Board Approved by: Board of Governors
More informationUnit code: D/601/1939 QCF Level 5: BTEC Higher National Credit value: 15
Unit 49: Digital Forensics Unit code: D/601/1939 QCF Level 5: BTEC Higher National Credit value: 15 Aim To provide learners with an understanding of the principles of digital forensics and the impact on
More informationMobility Policy Bundle
Version 2018-02 Mobility Policy Bundle Table of Contents This document contains the following policies: BYOD Access and Use Policy (revised 02/2018) Mobile Device Access and Use Policy (revised 02/2018)
More informationBCN Telecom, Inc. Customer Proprietary Network Information Certification Accompanying Statement
BCN Telecom, Inc. Customer Proprietary Network Information Certification Accompanying Statement BCN TELECOM, INC. ( BCN" or "Company") has established practices and procedures adequate to ensure compliance
More informationSymantec Document Retention and Discovery
IT POLICY COMPLIANCE Symantec Document Retention and Discovery A state-of-the-art solution that simplifies the discovery of email and other files, enhances litigation readiness, and helps ensure compliance
More informationEXAM PREPARATION GUIDE
When Recognition Matters EXAM PREPARATION GUIDE PECB Certified ISO 14001 Lead Auditor www.pecb.com The objective of the PECB Certified ISO 14001 Lead Auditor examination is to ensure that the candidate
More informationE-DISCOVERY. The process in which electronic data is sought, located, secured, using it as evidence in a civil or criminal legal case.
E-DISCOVERY The process in which electronic data is sought, located, secured, and analyzed with the intent of using it as evidence in a civil or criminal legal case. I. Guidance Regarding the Amended Federal
More informationPIONEER TRAINING INSTITUTE
PIONEER TRAINING INSTITUTE CENTRE FOR DISTANCE & ONLINE LEARNING DIPLOMA IN SECURITY MANAGEMENT OUTLINE SECURITY MANAGEMENT STUDIES Pioneer Training Institute has specifically identified security management
More informationVideo and Audio Recordings Video and audio recordings of activities continue to
Chapter 3 Video and Audio Recordings Video and audio recordings of activities continue to become prevalent in investigations of criminal activity. Recordings include surveillance tapes recordings of criminal
More informationPROVIDING INVESTIGATIVE SOLUTIONS
PROVIDING INVESTIGATIVE SOLUTIONS Experienced Professionals Northeast Intelligence Group, Inc. (NEIG) has been helping clients meet challenges for more than twenty years. By providing meaningful and timely
More informationCleveland State University General Policy for University Information and Technology Resources
Cleveland State University General Policy for University Information and Technology Resources 08/13/2007 1 Introduction As an institution of higher learning, Cleveland State University both uses information
More informationTEL2813/IS2820 Security Management
TEL2813/IS2820 Security Management Security Management Models And Practices Lecture 6 Jan 27, 2005 Introduction To create or maintain a secure environment 1. Design working security plan 2. Implement management
More informationForensic Analysis Approach Based on Metadata and Hash Values for Digital Objects in the Cloud
Forensic Analysis Approach Based on Metadata and Hash Values for Digital Objects in the Cloud Ezz El-Din Hemdan 1, Manjaiah D.H 2 Research Scholar, Department of Computer Science, Mangalore University,
More informationPolicies & Regulations
Policies & Regulations Email Policy Number Effective Revised Review Responsible Division/Department: Administration and Finance / Office of the CIO/ Information Technology Services (ITS) New Policy Major
More informationMobile Devices. Questions. NCJRL ICAC Webinar Mobile Devices October 25, Don Mason Associate Director, NCJRL. Presenter
Mobile Devices Presenter Don Mason Associate Director, NCJRL 662-915-6898 drmason@olemiss.edu Questions Feel free to email any time to: drmason@olemiss.edu Please include your phone number In case it might
More informationManaging Official Electronic Records Guidelines
Application and Scope of Guidelines Managing Official Electronic Records Guidelines These guidelines are meant to assist Government Institutions in understanding responsibilities and concerns that must
More informationOrganization of Scientific Area Committees for Forensic Science (OSAC)
Stetson University College of Law Essentials in Forensic Science and the Law Webinar Series Organization of Scientific Area Committees for Forensic Science (OSAC) Mark D. Stolorow Director for OSAC Affairs
More information