Digital Forensics for Attorneys
- Maude Cox
- 5 years ago

Lars E. Daniel, EnCE, ACE, AME, CTNS
Digital Forensics Examiner

Digital Forensics for Attorneys: Overview of Digital Forensics

Digital Forensics For Attorneys
- Overview of Digital Forensics
- Types of Digital Evidence
- Acquisition (Collection) and Preservation
- Experts, Evidence and Analysis
- Understand Forensic Experts vs. Computer Experts
- Digital evidence: discovery and usage
- Analysis
- Challenging Digital Evidence

In The Beginning

Digital Footprints
- Digital evidence in 80% of cases
- 5+ billion cell phone subscriptions
- By 2013 there will be over 1 trillion devices connected to the Internet

Digital Forensics: Not Only Computers
- Computer Forensics: computers and data storage devices (hard drives, USB thumb drives, backup tapes, media cards)
- Social Media Forensics: Facebook, Twitter, chat, MySpace, Internet presence on blogs, message boards
- E-mail Forensics: back tracking e-mails, e-mail recovery, e-mail authentication

Digital Forensics: The Sub-Disciplines
- Peer to Peer Forensics: file sharing via Limewire, BitTorrent, Gigatribe, iTunes, others
- Cell Phone Forensics: call logs, contacts, text messages, pictures, movies, geo-location
- Cellular Evidence Forensics: cell phone record analysis, cell phone ping analysis, cell tower mapping. Typical Case Types: Murder, Kidnapping, Drugs

Digital Forensics: The Sub-Disciplines
- Digital Video and Image Forensics: security video, camera video, pictures
- Audio Forensics: police interviews, police radio recordings, wiretaps
- GPS (Global Positioning Systems): data from GPS units, logs from GPS tracking, house arrest

Some Basics

Common Mistakes
- Calling these monitors, CPUs, Hard Drives, etc.

CPU
- CPU: Central Processing Unit
- Only performs calculations.
- Stores nothing.
- The brain of the computer.

Inside The Computer
- RAM: Random Access Memory
- Only contains data while the computer is turned on.
- Temporary processing storage only used while operating the computer.
- Is cleared when the computer shuts down or re-starts.

Inside The Computer
- The Hard Drive stores the evidence...

Inside The Computer
Hard drives today can store millions of:
- Pictures
- Music files
- Movies
- Passwords
- E-mails
- Web Pages
- Chats

These are hard drives too.

Digital Evidence

Digital Evidence Overview

Digital Forensics: Four Primary Areas of Focus
- Acquisition (Collection)
  - Obtaining the original evidence items
  - Making forensic copies of original evidence
- Preservation
  - Protecting the original evidence items
- Analysis
  - Finding evidence
- Presentation
  - Reporting findings and testimony

Digital Forensics Foundations
The foundation of digital forensics is the ability to collect, preserve and recover data in a forensically sound manner.
Forensic Processes and Tools must be:
1. Predictable
2. Repeatable
3. Verifiable
Forensic Documentation must include:
- Unbroken Chain of Custody
- Documentation of all actions taken

Digital Forensics: The Sub-Disciplines
- Computer Forensics: computers and data storage devices. Typical Case Types: All
- Social Media Forensics: Facebook, Twitter, chat, MySpace, Internet presence on blogs, message boards. Typical Case Types: Infidelity, Libel and Slander, Employee Wrongdoing
- E-mail Forensics: back tracking e-mails, e-mail recovery. Typical Case Types: Murder, Rape, Infidelity, Sexual Harassment, Child Pornography

Digital Forensics: The Sub-Disciplines
- Peer to Peer Forensics: file sharing via Limewire, BitTorrent, others. Typical Case Types: Child Pornography, Copyright Violations, Data Theft
- Cell Phone Forensics: call logs, contacts, text messages, pictures, movies, geolocation. Typical Case Types: Murder, Sexting, Infidelity, Rape, Kidnapping, Drugs
- Cellular Evidence Forensics: cell phone record analysis, cell phone ping analysis, cell tower mapping. Typical Case Types: Murder, Kidnapping, Drugs

Digital Forensics: The Sub-Disciplines
- Digital Video and Image Forensics: security video, camera video, pictures. Typical Case Types: Murder, Theft, Employee Misconduct, Wrongful Death
- Audio Forensics: police interviews, police radio recordings, wiretaps. Typical Case Types: Murder, Conspiracy, Wrongful Death
- GPS (Global Positioning Systems): data from GPS units, logs from GPS tracking, house arrest. Typical Case Types: Murder, Parole Violations, Kidnapping

Acquiring (Collecting) and Handling Digital Evidence
Digital forensics requires forensically sound acquisitions.
- Defensible Practices
- Proper Chain of Custody
- Verification of evidence
- Proper documentation

Acquisition (Collection)
- First contact with the original evidence.
- Most critical time for protecting the originals.
- Most likely time for police or others to damage or change evidence.
- General rules MUST be followed to preserve and protect evidence during this critical first response period.
- First point in establishing chain of custody.
- Policies for Law Enforcement are published by the National Institute for Justice

Acquisition (Collection)
- First responders should be trained to handle this type of evidence.
- Digital evidence is fragile.
- Digital evidence is easily altered if not handled properly.
- Simply turning a computer on or operating the computer changes and damages evidence.

What Is Forensically Sound?

This is Not Forensically Sound

This is Forensically Sound

Verification Must Be Done

Organization of Logical Data on a Hard Drive

Physical Acquisition
- A complete mirror image of the physical storage media, also referred to as a bit-stream copy.
- Gets everything, including deleted data and unallocated space
- Collected in forensic format that is easily verifiable
- Meets the standards for original evidence
- Supports full chain of custody
- Cannot be contaminated.
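
Verification of a physical (bit-stream) acquisition, as an added example that is not part of the original slides: the source is hashed while it is copied, and the image is re-hashed afterwards so any later change is detectable. SHA-256, the constructed in-memory "drive" and all function names are assumptions of this example.

```python
import hashlib
import io

CHUNK = 4096  # read size in bytes; the digest does not depend on it


def acquire(source, image, chunk=CHUNK):
    """Copy every byte of `source` into `image`, hashing the source as it is read.

    Returns (bytes_copied, sha256_hex_of_source)."""
    h = hashlib.sha256()
    total = 0
    while True:
        block = source.read(chunk)
        if not block:
            break
        h.update(block)
        image.write(block)
        total += len(block)
    return total, h.hexdigest()


def digest(stream, chunk=CHUNK):
    """SHA-256 of a whole stream, read from the beginning."""
    h = hashlib.sha256()
    stream.seek(0)
    for block in iter(lambda: stream.read(chunk), b""):
        h.update(block)
    return h.hexdigest()


def verify(image, expected_hex):
    """True only if the image still matches the hash recorded at acquisition."""
    return digest(image) == expected_hex


def build_sample_drive():
    """Constructed 3-sector 'drive': one live file, one deleted file whose
    bytes are still present, and one never-used sector."""
    live = b"LIVE-FILE: quarterly report".ljust(512, b"\x00")
    deleted = b"DELETED-FILE: draft letter".ljust(512, b"\x00")
    unused = bytes(512)
    return live + deleted + unused


def demo():
    drive = build_sample_drive()
    image = io.BytesIO()
    size, acquisition_hash = acquire(io.BytesIO(drive), image)

    # A copy of only the live file (what ordinary file copying would give).
    logical_copy = drive[:512]

    # Simulate a single flipped bit in a working copy of the image.
    altered = bytearray(image.getvalue())
    altered[700] ^= 0x01

    return {
        "bytes_copied": size,
        "image_verifies": verify(image, acquisition_hash),
        "repeatable": digest(image) == digest(image),
        "altered_image_verifies": verify(io.BytesIO(bytes(altered)), acquisition_hash),
        "image_has_deleted_data": b"DELETED-FILE" in image.getvalue(),
        "logical_copy_has_deleted_data": b"DELETED-FILE" in logical_copy,
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```
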

Two Types of Deleted Data

Preservation
- Once digital evidence is seized it must be handled carefully to preserve and protect the evidence.
- Everything should be tagged.
- No one should operate or preview any evidence on writable media without proper tools and training.
- Forensically sound copies of all original evidence must be made before analysis.
- Records must be kept.

Fragile Nature of Digital Evidence
- "The simple act of turning a computer on can destroy or change critical evidence and render that evidence useless." (Maryland State Police, Criminal Enforcement Command, Computer Crimes Unit)
- "Even the normal operation of the computer can destroy computer evidence that might be lurking in unallocated space, file slack, or in the Windows swap file." (Computer Forensics: Computer Crime Scene Investigation, 2nd Ed., John R. Vacca)

Fragile Nature of Digital Evidence
The next 3 slides demonstrate what happens when you operate a computer.
- Evidence is modified.
- Evidence is destroyed.
Source: Preservation of Fragile Digital Evidence by First Responders, Special Agent Jesse Kornblum, Air Force Office of Special Investigations

Files In Original Condition

Files After Opening and Viewing
- The last accessed date and time changes any time a file is opened and viewed while the computer is in operation.
- Exception is Windows Vista and newer

Files After Saving
- The last written (last modified) date and time changes any time a file is saved or copied while the computer is in operation.
- And for other reasons,

Other Digital Evidence
- Global Positioning Systems (GPS) Units (location data)
- Vehicle Black Boxes (trucking industry)
- iPods (employee theft)
- Digital Cameras (sex crimes)
- Security Cameras (robberies, wrongful death)
- Audio Recordings (wrongful death, terrorism, murder, defendant interviews)
- Game Consoles (murder)
- Security Systems (murder)
- Back up Tapes (data recovery, fraud)

Experts

Defendant as Expert

Why a Forensics Expert?

Computer Forensics Expert
- Should have comparable or better training and experience than the other expert.
- Should have specific training and experience as a digital forensics expert
- Should have access to the same tools as the opposing expert
- Must be able to qualify as a forensic expert in court

Technical Expertise Comparison

Legal Expertise Comparison

Investigative Expertise Comparison
- Computer Experts
  - No training in examination or investigation
  - Get caught up in what-ifs that have no bearing on the case
  - Do not know where to look for evidence
- Digital Forensics Experts
  - Examination is targeted to the device, operating system and type of case

Selecting a Digital Forensics Expert

Certifications

Forensic Tools
Do they have appropriate forensic tools and know how to use them?
- Required to perform many digital forensic functions
- Computer Forensics (EnCase, FTK)
- Cell Phone Forensics (Cellebrite, Paraben, Susteen)
- Almost always needed to perform forensically sound acquisitions and examinations.

Selecting an Expert: Overview
1. Actual training in digital forensics and sub-disciplines?
2. Digital Forensics certifications? Or just computer based certifications?
3. Actual case experience?
4. Recommendation letters from other professionals, particularly attorneys?
5. Background check?
6. References?

Selecting an Expert: Overview
RALEIGH (WTVD) -- The defense asked for a mistrial Tuesday in the Brad Cooper murder trial. The move came as the first witness for the defense endured a withering examination by the prosecution on his qualifications to testify as an expert.
James Ward of WireGhost Security told the court he was an expert in computer network security, but the prosecution questioned his qualifications to testify about Cooper's computers as a forensics expert.
Defense computer expert James Ward (WTVD Photo)
Arguing before Gessner Tuesday, the prosecution said Ward lacked the proper education and experience to say there was evidence of computer tampering.
"He has a home lab. He borrowed his tools from Cisco. He doesn't know what software he used," said prosecutor Boz Zellinger.
Zellinger said the prosecution and defense should be held to the same standards on expert witnesses, and Ward falls short. "I would be laughed out of this building," said Zellinger.
Gessner ruled that Ward could testify about network security, but he could not testify about the FBI reports on Cooper's computers.

Spotting a Problem Expert
Attitude: How does the expert interact with your team?
1. Arrogant or superior?
2. Does he or she take the time to properly explain technical concepts in easy to understand language?
The Bull Factor
1. If an expert does not have the answer to a question, does he or she try to convince you that they do anyway?
2. Great risk when testifying.
3. Use of jargon to cover up ignorance.

Expectations of a Forensics Expert
Computer Forensics Expert: expected to
- Anticipate testimony of opposing expert based on the forensic reports and discovery
- Duplicate and verify the opposing expert's work
- Assist the attorney in preparation for trial
- Advise the attorney as to the merits of the case in regards to the digital evidence presented.
- Write direct and cross exam questions

Analysis

Analyzing the Case
- Always work the case like you are the primary examiner.
- Never assume anything.
- Check all the points in the case where mistakes are normally made:
  - Chain of custody.
  - Examination standard procedures.
  - RTC verified for all evidence containing clocks.
  - Evidence handling at the scene.
  - Was everything examined.
  - Claims made in the forensics report.
  - Pay particular attention to keyword search results, internet history results, link files, etc.
  - Placing the defendant at the computer.

Performing the Analysis
- Step one: Verify the accuracy of their findings
  - Did they represent their findings correctly?
  - How thorough was the examination?
- Verify the completeness of their report
  - Is everything they found in the report?
    - Why or why not?
  - Was exculpatory evidence ignored or missed?
- Establishing a framework for analysis
  - Reading discovery documents
  - Reading the computer forensics reports
  - What claims are being made?
  - What statements were made?
  - What facts support the claims and which do not?

What clues can lead to a more thorough digital analysis?
- Defendant's statements
- Witness statements
- Police statements and interviews
- Call center records
- Search warrants and subpoenas
- Other supporting documents
- Law Enforcement's computer forensics report

Case Analysis Examples

Document Metadata Example

Picture Metadata Example

Internet History Before Clearing

Internet History After Clearing

Challenging the evidence
What the heck is unallocated space?
- Unallocated space consists of areas on the hard drive that are available to store data.
- When a file is deleted, it is only marked as deleted, so the old data remains on the hard drive in the unallocated space.
- Forensic tools can recover files from this unallocated area of the hard drive.
- Files recovered from unallocated space do not contain:
  - Dates or times.
  - Original file names
  - Original location on the hard drive.

Contact Information:
Lars@guardiandf.com
Web:
Phone:
Book: Digital Forensics for Legal Professionals, Syngress Publishing, Amazon.com (Print and Kindle), Larry E. Daniel and Lars E. Daniel

Questions?
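
The unallocated-space slide above, as an added example that is not part of the original presentation: a constructed toy volume keeps names, paths and dates in a directory and content in a data area, so deleting a file leaves its bytes behind and signature carving recovers them with only an offset. The `ToyVolume` layout, the paths and the simplified JPEG header/footer matching are assumptions of this example, not how any particular file system or forensic tool works.

```python
import hashlib

SECTOR = 512
JPEG_HEAD = b"\xff\xd8\xff"   # start-of-image signature
JPEG_FOOT = b"\xff\xd9"       # end-of-image marker


def sectors_for(length):
    """Bytes occupied on disk, rounded up to whole sectors."""
    return -(-length // SECTOR) * SECTOR


class ToyVolume:
    """Hypothetical minimal file system: directory (metadata) + data area."""

    def __init__(self, sectors):
        self.data = bytearray(sectors * SECTOR)
        self.directory = {}   # path -> {"modified", "start", "length"}
        self.next_free = 0

    def write_file(self, path, modified, content):
        start = self.next_free
        self.data[start:start + len(content)] = content
        self.directory[path] = {"modified": modified, "start": start,
                                "length": len(content)}
        self.next_free = start + sectors_for(len(content))

    def delete_file(self, path):
        # Only the directory record goes away; the content bytes are untouched.
        del self.directory[path]

    def unallocated_ranges(self):
        used = sorted((r["start"], r["start"] + sectors_for(r["length"]))
                      for r in self.directory.values())
        ranges, pos = [], 0
        for start, end in used:
            if start > pos:
                ranges.append((pos, start))
            pos = max(pos, end)
        if pos < len(self.data):
            ranges.append((pos, len(self.data)))
        return ranges


def carve_jpegs(volume):
    """Scan unallocated space for header..footer runs and return what is found.

    Each result carries only offset, size, hash and bytes: the name, folder
    and dates lived in the directory record, which no longer exists."""
    found = []
    for start, end in volume.unallocated_ranges():
        region = bytes(volume.data[start:end])
        pos = 0
        while True:
            head = region.find(JPEG_HEAD, pos)
            if head < 0:
                break
            foot = region.find(JPEG_FOOT, head + len(JPEG_HEAD))
            if foot < 0:
                break
            blob = region[head:foot + len(JPEG_FOOT)]
            found.append({"offset": start + head, "size": len(blob),
                          "sha256": hashlib.sha256(blob).hexdigest(),
                          "data": blob})
            pos = foot + len(JPEG_FOOT)
    return found


def fake_jpeg(label, size):
    """Constructed stand-in for a picture: real signatures, filler content."""
    filler = size - len(JPEG_HEAD) - 1 - len(label) - len(JPEG_FOOT)
    return JPEG_HEAD + b"\xe0" + label + b"." * filler + JPEG_FOOT


def build_sample_volume():
    """Constructed sample: two pictures and a text file; both pictures deleted."""
    originals = {
        "/Users/sample/Pictures/vacation.jpg": fake_jpeg(b"vacation", 700),
        "/Users/sample/Documents/notes.txt": b"meeting notes",
        "/Users/sample/Pictures/receipt.jpg": fake_jpeg(b"receipt", 300),
    }
    vol = ToyVolume(sectors=16)
    for path, content in originals.items():
        vol.write_file(path, "2011-03-04 10:15", content)
    vol.delete_file("/Users/sample/Pictures/vacation.jpg")
    vol.delete_file("/Users/sample/Pictures/receipt.jpg")
    return vol, originals


if __name__ == "__main__":
    vol, _ = build_sample_volume()
    print("live files:", list(vol.directory))
    for item in carve_jpegs(vol):
        print("carved:", item["offset"], item["size"], item["sha256"][:16])
```
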
More informationInformation Security Incident Response Plan
Information Security Incident Response Plan Purpose It is the objective of the university to maintain secure systems and data. In order to comply with federal, state, and local law and contractual obligations,
More informationEducating Judges, Prosecutors and Lawyers in the Use of Digital Forensic Experts
Educating Judges, Prosecutors and Lawyers in the Use of Digital Forensic Experts Dr. Hans Henseler, University of Applied Sciences Leiden Sophie van Loenhout M.Sc., Netherlands Register of Court Experts
More informationScientific Working Groups on Digital Evidence and Imaging Technology
SWGDE/SWGIT Guidelines & Recommendations for Training in Digital & Multimedia Evidence Disclaimer: As a condition to the use of this document and the information contained therein, the SWGDE/SWGIT request
More informationTHE INTERNATIONAL INSTITUTE OF CERTIFIED FORENSIC ACCOUNTANTS, INC. USA. CERTIFIED IN FRAUD & FORENSIC ACCOUNTING (Cr.
THE INTERNATIONAL INSTITUTE OF CERTIFIED FORENSIC ACCOUNTANTS, INC. USA CERTIFIED IN FRAUD & FORENSIC ACCOUNTING (Cr.FFa) BROCHURE Contents INTRODUCTION... 3 THE IICFA... 4 Basic Entry qualifications...
More informationSignature: Signed by GNT Date Signed: 6/15/2015. To establish the policies and procedures of the Cyber Crimes Squad.
Atlanta Police Department Policy Manual Standard Operating Procedure Effective Date: June 15, 2015 Applicable To: All employees Approval Authority: Chief George N. Turner Signature: Signed by GNT Date
More informationAGENDA. 24-Aug-15 FORENSIC TECHNOLOGY: ADDING VALUE TO LITIGATION FROM THE PERSPECTIVE OF A LAWYER
FORENSIC TECHNOLOGY: ADDING VALUE TO LITIGATION FROM THE PERSPECTIVE OF A LAWYER Presented @ ANNUAL GENERAL CONFERENCE OF NIGERIAN BAR ASSOCIATION by Dr. Peter O. Olayiwola, BBA, MBA, Ph.D., FNCS, MCPN,
More informationOFFICE OF THE PROSECUTING ATTORNEY DANIEL R. LUTZ 215 N. GRANT STREET WOOSTER, OHIO BAD CHECK PACKET
OFFICE OF THE PROSECUTING ATTORNEY DANIEL R. LUTZ 215 N. GRANT STREET WOOSTER, OHIO 44691 330-287-5633 BAD CHECK PACKET Requirements for Prosecution - Non-sufficient Funds (NSF) Checks: 1) Check must have
More informationSnap Inc. Law Enforcement Guide
Snap Inc. Law Enforcement Guide Last Updated: April 27, 2018 Download the most recent version at: https://www.snapchat.com/lawenforcement Mailing Address: Custodian of Records Snap Inc. 63 Market Street
More information- To aid in the investigation by identifying. - To identify the proper ISP, webhosting. - To use in search warrant affidavits for to
User Story: User Type Data Elements Purpose Specification 1 As a [Insert User I use the following data For the purpose of [specify] Type from list] elements: [insert from list, 2 3 4 add anything missing]
More informationSTRIPPING METADATA: WHAT EVERY ATTORNEY SHOULD KNOW-A WEBINAR
STRIPPING METADATA: WHAT EVERY ATTORNEY SHOULD KNOW-A WEBINAR Judith Germano, Esq. Member, New Jersey Supreme Court s Working Group on Ethical Issues Involving Metadata in Electronic Documents Germano
More informationSearching Securely: Technical Issues with Warrants for Remote Search. Steven M. Bellovin June 28,
Searching Securely: Technical Issues with Warrants for Remote Search Steven M. Bellovin June 28, 2015 1 The Fourth Amendment to the U.S. Constitution The right of the people to be secure in their persons,
More informationCOMPUTER CRIME LAW PROFESSOR KERR
COMPUTER CRIME LAW PROFESSOR KERR 6369-10 SYLLABUS Spring 2017 I. Course Summary This course examines the legal issues raised by computer-related crime. The course coverage divides into three topics: (1)
More informationSAULT COLLEGE OF APPLIED ARTS AND TECHNOLOGY SAULT STE. MARIE, ONTARIO COURSE OUTLINE
SAULT COLLEGE OF APPLIED ARTS AND TECHNOLOGY SAULT STE. MARIE, ONTARIO COURSE OUTLINE COURSE TITLE: CODE NO. : SEMESTER: Fall 2011 PROGRAM: AUTHOR: Computer Engineering Technologist - Networking Dan Kachur
More informationTECHNICAL EVIDENCE IN STALKING PROSECUTIONS
TECHNICAL EVIDENCE IN STALKING PROSECUTIONS Where to Get It and How to Get It In SUPPORT This project was supported by Grant No. 2009-TA-AX-K024 awarded by the U.S. Department of Justice, Office on Violence
More informationINDIANA DEPARTMENT OF CORRECTIONS Credit Recommendation Guide
INDIANA DEPARTMENT OF CORRECTIONS 2009-2013 Credit Recommendation Guide The following courses have been evaluated by Corporate Articulation to potentially fulfill General Education or Elective credits
More informationGlobal Cybercrime Certification
Global Cybercrime Certification Yves Vandermeer ECTEG chair yves.vandermeer@ Way to a new IT crime ecosystem Standard Operation Procedures and Education docs ACPO - Good Practice Guide For Digital Evidence
More informationCertified Cyber Security Analyst VS-1160
VS-1160 Certified Cyber Security Analyst Certification Code VS-1160 Vskills certification for Cyber Security Analyst assesses the candidate as per the company s need for cyber security and forensics. The
More informationA Road Map for Digital Forensic Research
1 Outline of Today s Lecture! A Road Map for Digital Forensic Research o Report from the 1 st Digital Forensic Research Workshop (DFRWS) 2001! Defining Digital Forensic Examination and Analysis Tools o
More informationOrganization of Scientific Area Committees for Forensic Science (OSAC)
Stetson University College of Law Essentials in Forensic Science and the Law Webinar Series Organization of Scientific Area Committees for Forensic Science (OSAC) Mark D. Stolorow Director for OSAC Affairs
More informationECCouncil v9. ECCouncil Computer Hacking Forensic Investigator (V9)
ECCouncil 312-49v9 ECCouncil Computer Hacking Forensic Investigator (V9) https://killexams.com/pass4sure/exam-detail/312-49v9 QUESTION: 227 What is the target host IP in the following command? C:\> firewalk
More informationDocumenting a Digital Forensic Investigation - Guide
Contents How to Setup Forensic Notes to Document Your Investigations... 2 Creating Folders... 3 Deleting a Folder... 6 Creating Nested Folders... 8 Notetaking: Intake Officer... 9 Creating a Notebook...
More informationDigital Forensic Science: Ideas, Gaps and the Future. Dr. Joshua I. James
Digital Forensic Science: Ideas, Gaps and the Future Dr. Joshua I. James Joshua@cybercrimetech.com 2015-08-09 Overview Digital Forensic Science where are we now? Past Present Where are we going? Future
More informationInformation Security Incident Response Plan
Information Security Incident Response Plan Purpose It is the objective of the university to maintain secure systems and data. In order to comply with federal, state, and local law and contractual obligations,
More informationFinancial CISM. Certified Information Security Manager (CISM) Download Full Version :
Financial CISM Certified Information Security Manager (CISM) Download Full Version : http://killexams.com/pass4sure/exam-detail/cism required based on preliminary forensic investigation, but doing so as
More informationVideo Forensics: WHAT YOU NEED TO KNOW
An Agency Under MOSTI Video Forensics: WHAT YOU NEED TO KNOW Presented by: MOHD SHARIZUAN B MOHD OMAR Digital Forensics Analyst sharizuan@cybersecurity.my +60389926935 Copyright 2008 CyberSecurity Malaysia
More informationSecurity Incident Investigation
Security Incident Investigation A Seminar Presented to CERIAS at Purdue University Peter Stephenson, CPE, PCE Director of Technology Global Security Practice, Netigy Corp. peter.stephenson@netigy.com Background
More information