Security Basics mailing list archives
RE: Initial Machine login - Computer Forensics 101
From: "Steven Bonici" <sbonici () ilaonline org>
Date: Wed, 6 Feb 2008 08:26:40 -0500
--PI Licensing required for computer forensics in court

Groklaw blog: the ante is increasing on the credentials required for digital evidence submitted in courts.
http://www.groklaw.net/article.php?story=2008013014235863

Possibly related case: Another odd example... Last week, an expert witness was excluded due to a challenge saying an individual who graduated college with a biochemistry major does not have enough expertise to be a computer forensic expert despite having experience and certifications.
http://ridethelightning.senseient.com/2008/01/when-logic-and.html

[Guest Editor (Robert Lee - SANS Forensics instructor and track lead): Many forensic analysts/experts who testify or examine evidence may not be licensed PIs, and, as a result motions to dismiss the testimony or the analysis will be filed in the court. It will be up to counsel to have a persuasive argument to counter the motion and up to the judge to make fair decisions based on the arguments presented. Even in Texas and South Carolina where state opinions are surfacing on the PI question, it is still ultimately up to the judge in each case to allow the evidence or the analysis to be included in the proceedings. I think logic will eventually win here, but I'm glad to see it brought up in court so more people can discuss it. Buckle your seatbelts; expect many more such cases to keep popping up.

-----Original Message-----
From: listbounce () securityfocus com [mailto:listbounce () securityfocus com] On Behalf Of Murda Mcloud
Sent: Monday, February 04, 2008 11:10 PM
To: 'Michael Condon'; security-basics () securityfocus com
Subject: RE: Initial Machine login - Computer Forensics 101

Hi Michael,

Sorry, I forgot to give a link
http://www.e-fense.com/helix/
or F.I.R.E
http://fire.dmzs.com/

You can go for knoppix-std too.
http://www.knoppix-std.org/

The closest thing I've come to from a Windows standpoint is (not the same as the others in functionality)
http://www.nu2.nu/pebuilder/

There may be others.

-----Original Message-----
From: listbounce () securityfocus com [mailto:listbounce () securityfocus com] On Behalf Of Michael Condon
Sent: Tuesday, February 05, 2008 2:13 AM
To: Worrell, Brian; security-basics () securityfocus com
Subject: Re: Initial Machine login - Computer Forensics 101

Well understood. That brings up another subject - is there freeware or a documented procedure for making a bootable CD?

Michael Condon

----- Original Message -----
From: "Worrell, Brian" <BWorrell () isdh IN gov>
To: "Michael Condon" <mjc001 () juno com>; <security-basics () securityfocus com>
Sent: Monday, February 04, 2008 10:06 AM
Subject: RE: Initial Machine login - Computer Forensics 101

Michael,

Quick sidebar, I recall reading a post about this before on another list. If you are being paid to do this, you need to make sure it's all above board as in some states this can be considered illegal. Do not recall the exact issue, but part of the outcome was that you needed to have very clear, signed, documentation on what you were asked to do. Think the case the article was referring to was in California.

That said, I would make a copy of the drive, and not alter the original in any way. This helps keep the evidence chain.

Brian

-----Original Message-----
From: listbounce () securityfocus com [mailto:listbounce () securityfocus com] On Behalf Of Michael Condon
Sent: Saturday, February 02, 2008 11:15 PM
To: security-basics () securityfocus com
Subject: Initial Machine login - Computer Forensics 101

Here is a Computer Forensics 101 question. Suppose a distraught woman comes to me with her husband's laptop and wants me to search it for information about a suspected marital indiscretion.

1. Assuming it is an XP/Vista machine, how can I log in as administrator?
2. Is the second approach to make a bitstream copy of the hard drive using an external USB hard drive enclosure and proceed that way?