|
|
| Applications |
| Mailing Lists |
| Miscellaneous |
| Operating Systems |
| Programming |
Re: Computer Forensics
Date: Fri May 09 2003 - 08:30:24 EDT
Good point, but often when you conduct forensic analysis - you never know what you might find.
Say you investigate a complex case and conduct all the procedures to ensure evidence is not comprimised, only to find nothing. On the other hand, you extract/recover some data on a simple case - to find it explodes into a serious investigation resulting in court.
Therefore if you miss out procedures 1 and 2, skipping to procedure 3 to recover data - and then find something serious, all the evidence could now be comprimised.
"Kurt Seifried"
To: , "Kruse, Warren G, II (Warren)" ,
'Matías Bevilacqua-Brechbühler Trabado' , "'Jonathan A.
06/05/2003 21:20 Zdziarski'" , "'yannick'san'" ,
Please respond to "'William Cimo'" ,
"Kurt Seifried" cc:
Subject: Re: Computer Forensics
One potentially dangerous thing I see developing with this effort is the
assumption most people seem to be making that the forensics
procedure/technology must withstand legal scrutiny, i.e. under a court of
law. This is not always the case. Many sites will want to execute computer
forensics for other reasons, such as recovering data, finding out why a
server crashed badly, and people who want to gather that data but do not
need or want to pursue legal sanctions against the other party (i.e.
companies running regular checks on systems to detect anamolous behaviour,
a
suspicious spouse, a concerned parent, etc.).
I feel it is important to remember that not everyone has the same
legal/technical requirements for computer forensics and that the guide
should reflect this. I.e. offer a set of options/reccomendations (do steps
3
through 7 to recover the data. do steps 1 through 2 and 8 through 10 to
recover the data in a fashion that is more likely to withstand legal
examination).
Kurt Seifried, kurt@seifried.org
A15B BEE5 B391 B9AD B0EF
AEB0 AD63 0B4E AD56 E574
http://seifried.org/security/
This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com
The information in this e-mail (which includes any files transmitted with it) is confidential and may also be legally privileged. It is intended for the addressee only. Access to this e-mail by anyone else is unauthorised. It is not to be relied upon by any person other than the addressee except with our prior written approval. If no such approval is given, we will not accept any liability (in negligence or otherwise) arising from any third party acting, or refraining from acting, on such information. Unauthorised recipients are required to maintain confidentiality. If you have received this e-mail in error please notify us immediately, destroy any copies and delete it from your computer system. Any use, dissemination, forwarding, printing or copying of this e-mail is prohibited. Copyright in this e-mail and any document created by us will be and remain vested in us and will not be transferred to you. We assert the right to be identified as the author of and to object to any misuses of the contents of this e-mail or such documents.
Grant Thornton and Grant Thornton Asset Management Limited are independent financial advisers authorised and regulated by the Financial Services Authority for investment business. A list of partners may be inspected at Grant Thornton House, Melton Street, Euston Square, London NW1 2EP.
This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com Received on Sun May 11 12:23:59 2003
This archive was generated by hypermail 2.1.8 : Wed Aug 23 2006 - 14:01:44 EDT
|
Contact Us Legal Notices Order Services Online Pantek Home Privacy Policy IT news Site Map Pantek Library |