Hosting Provided By

RE: Computer Forensics

From: Tyzenhaus, Laurie <Laurie.Tyzenhaus(at)ch.doe.gov>
Date: Tue May 06 2003 - 10:34:11 EDT

The PROCESS should be the starting point. Once the PROCESS is agreed upon, then the focus should be on the procedures and specific technologies. Using the PROCESS as the guide, the procedures can be created by the specific platform experts and tested by the novices. Consider adding the procedures as appendices. We can't ignore the technology just because it is changing so fast.

I don't mean imply that you folks write a book, but there should be enough technical detail in the procedures that they cannot be misinterpreted by anyone, whether lawyer, judge, technical or John-Q-Public.

Laurie

First time posting, long time lurking ...

This is my opinion, and does not reflect the opinion of my employer.

Laurie Tyzenhaus
ISTP Technical Expert
DOE - CH Office of Counterintelligence
9800 S. Cass Avenue
Argonne, IL 60439
Voice: 630-252-6773
Email: Laurie.Tyzenhaus@ch.doe.gov

-----Original Message-----
From: Ralph S. Hoefelmeyer [mailto:ralph.hoefelmeyer@mci.com] Sent: Monday, May 05, 2003 10:48 PM
To: Kruse, Warren G, II (Warren); 'Matías Bevilacqua-Brechbühler Trabado'; 'Jonathan A. Zdziarski'; 'yannick'san'; 'William Cimo'; forensics@securityfocus.com
Subject: RE: Computer Forensics

Process

Process is the glue that binds the procedures and the technology in a legal sense. Develop a process. Match procedures to that process. Match the current technologies to the procedures. Develop methods to layer in new technologies as they appear.

Technologies are changing at a very fast pace, and it will only get faster. We need to ensure the forensics process will provide a legally binding link between the procedures and the technologies that will withstand legal scrutiny. Part of this process will be a procedure for explaining complex technical issues in layman's terms to juries and/or judges with little technical knowledge.

Ralph S. Hoefelmeyer, CISSP
Senior Engineer, Cyborg
MCI Strategic and Intelligent QA/Test
719.535.4576 Office
"Security is a process, not a product" : Bruce Schneier

Do you need help?

-----Original Message-----
From: Kruse, Warren G, II (Warren) [mailto:wgkruse@lucent.com] Sent: Monday, May 05, 2003 12:23 PM
To: 'Matías Bevilacqua-Brechbühler Trabado'; 'Jonathan A. Zdziarski'; 'yannick'san'; 'William Cimo'; forensics@securityfocus.com Subject: RE: Computer Forensics

Very true, that plus the technology changes so fast. We fought that problem for two years when we were writing our computer forensics book. You don't want it to be outdated before it hits the shelves.

-wk

Warren G. Kruse II, CISSP, CFCE
Investigations Manager
Lucent Technologies
732-949-8713
wgkruse@lucent.com

-----Original Message-----
From: Matías Bevilacqua-Brechbühler Trabado [mailto:mbevilacqua@cybex.info] Sent: Sunday, May 04, 2003 2:45 PM
To: 'Jonathan A. Zdziarski'; 'yannick'san'; 'William Cimo'; forensics@securityfocus.com
Subject: RE: Computer Forensics

> > Will it be only technical procedures or will it integrate

> This is the heart of what annoys me about computer forensics books.
> They are excellent resources for methodology and procedure but are
> void of most any hands-on technical information. It would be very
> nice to have a reference of hands-on technical information to consult
> when performing different types of forensics scenarios.

This is because Computer Forensics depends so much on methodology and procedures. Both are critical for a successful Forensic process. I will be taking this into consideration when creating the survey I talked about, let's see what the rest of the community thinks about it.

Regards,
Matías Bevilacqua Trabado

CYBEX ___________________________________________________________________

PGP-ID: 0x40A4869F
PGP Fingerprint: 2052 98A0 F0F0 2914 D7FA 4E7C 0488 7E8C 40A4 869F

Do you need more help?

CYBEX
Grupo Intelligence Bureau
Rambla de Catalunya, 32 4º-2ª
08007 Barcelona-SPAIN
Tel. 93 215 53 23
Fax. 93 215 50 72
http://www.cybex.info

This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com Received on Thu May 8 17:44:54 2003

This message: [ Message body ]
Next message: shrink-wrap(at)hushmail.com: "RE: Finding root-kits on Windows"
Previous message: Ralph S. Hoefelmeyer: "RE: Computer Forensics"
Maybe in reply to: Matias Bevilacqua: "RE: Computer Forensics"
In reply to yannick'san: "Re: Computer Forensics"

Contemporary messages sorted: [ By Date ] [ By Thread ] [ By Subject ] [ By Author ] [ By messages with attachments ]

This archive was generated by hypermail 2.1.8 : Wed Aug 23 2006 - 14:01:44 EDT