Re: Initial Machine login - Computer Forensics 101

[PCSC Information Services <info () pcsage biz>]

Michael,

I would err on the side of caution in this instance, as there is no  
way to validate the true ownership of the machine. Some clients may  
not be worth the exposure. It may be best to have her contact a  
licensed private investigator to offset your potential liability in  
this scenario. The investigator could then utilize your services as  
part of their investigation into the marital infidelity.

On the question of access, booting from a live cd might be the best  
course of access to files on the harddrive. Of course, if there is a  
full disk encryption mechanism in place, you may be grasping at straws.

When in doubt, C.Y.A.

Best,

Sean Swayze

On 2-Feb-08, at 11:14 PM, Michael Condon wrote:

> Here is a Computer Forensics 101 question.
> Suppose a distraught woman comes to me with her husband's laptop and  
> wants me to
> search it for information about a suspected marital indescretion.
> 1. Assuming it is an XP/Vista machine, how can I log in as  
> administrator?
> 2. Is the second approach to make a bistream copy of the hard drive  
> using an external USB har drive enclosure and proceed that way?