Security Basics mailing list archives
Re: Initial Machine login - Computer Forensics 101
From: PCSC Information Services <info () pcsage biz>
Date: Mon, 4 Feb 2008 11:34:48 -0500
Michael,I would err on the side of caution in this instance, as there is no way to validate the true ownership of the machine. Some clients may not be worth the exposure. It may be best to have her contact a licensed private investigator to offset your potential liability in this scenario. The investigator could then utilize your services as part of their investigation into the marital infidelity.
On the question of access, booting from a live cd might be the best course of access to files on the harddrive. Of course, if there is a full disk encryption mechanism in place, you may be grasping at straws.
When in doubt, C.Y.A. Best, Sean Swayze On 2-Feb-08, at 11:14 PM, Michael Condon wrote:
Here is a Computer Forensics 101 question.Suppose a distraught woman comes to me with her husband's laptop and wants me tosearch it for information about a suspected marital indescretion.1. Assuming it is an XP/Vista machine, how can I log in as administrator? 2. Is the second approach to make a bistream copy of the hard drive using an external USB har drive enclosure and proceed that way?
Current thread:
- Initial Machine login - Computer Forensics 101 Michael Condon (Feb 04)
- Re: Initial Machine login - Computer Forensics 101 Danyelle Gragsone (Feb 04)
- Re: Initial Machine login - Computer Forensics 101 Ansgar -59cobalt- Wiechers (Feb 04)
- RE: Initial Machine login - Computer Forensics 101 Worrell, Brian (Feb 04)
- Re: Initial Machine login - Computer Forensics 101 Michael Condon (Feb 04)
- RE: Initial Machine login - Computer Forensics 101 Worrell, Brian (Feb 05)
- RE: Initial Machine login - Computer Forensics 101 Murda Mcloud (Feb 05)
- RE: Initial Machine login - Computer Forensics 101 Steven Bonici (Feb 06)
- RE: Initial Machine login - Computer Forensics 101 Craig Wright (Feb 08)
- Re: Initial Machine login - Computer Forensics 101 Michael Condon (Feb 04)