PaulDotCom mailing list archives
Digital Forensic Software
From: arch3angel at gmail.com (Robert Miller)
Date: Wed, 09 Dec 2009 19:12:01 -0500
Awesome Email Karl, I completely forgot about the NCJRS PDF !!! Thanks for the additional information as well - Great Information!

- Robert
arch3angel

On 12/9/2009 5:16 PM, Karl Schuttler wrote:

FTK Imager is a pretty good (and free) imaging software. Digital chain of custody is very similar to your regular chain of custody; there isn't any standard form for it. Attached is one I whipped up for my digital forensics class in openoffice calc, based off of http://www.precisecyberforensics.com/CoC.html. I've also attached it in excel format, but I don't know if the formatting gets messed up.

The Forensic Examination of Digital Evidence: A Guide for Law Enforcement (http://www.ncjrs.gov/pdffiles1/nij/199408.pdf) is a good start for general procedures in the seizure of digital evidence. It also has some nice worksheets in the middle of it used by the DEA.

Finally, I assume that the prosecutor would be aware of this, but some states have laws in regards to who can perform a forensic evaluation. In MI, for example, there is some draconian criteria you have to follow to be legit, such as the requirement to have a PI license; if you perform digital forensics there and do not follow their guidelines, you are committing a felony. It would be worthwhile to make sure any work you're doing for the state isn't illegal. http://www.forensicmag.com/articles.asp?pid=273 lists the laws for Arizona, California, and South Carolina.

Hope this helped,
Karl

On Wed, Dec 9, 2009 at 12:55 PM, Tyler Robinson <pcimpressions at gmail.com> wrote:

Hey all looking for some of the fantastic advice that the pauldotcom listeners always provide. I am helping our prosecuting attorney with evidence from a hard drive, I am wondering what software everyone is using to make the drive images, and if anyone knows of a good website that has all the proper forms ex. digital chain of custody, and also some checklists or guidelines. I know that Helix is a widely accepted linux distro for this sort of thing but don't have much experience with it. I also have a copy of FTR and have worked with it a bit. So any advice at all is always appreciated.

Thanks again and Thanks to Paul and Larry for bringing together such a dynamic group of Security professionals and a great show.

--
Tyler Robinson
Owner of Computer Impressions and Tactical Network Security

_______________________________________________
Pauldotcom mailing list
Pauldotcom at mail.pauldotcom.com
http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
Main Web Site: http://pauldotcom.com