Digital Forensics for Attorneys Overview of Digital Forensics
|
|
- Tyler Short
- 8 years ago
- Views:
Transcription
1 Lars Daniel,, EnCE, ACE, CTNS Digital Forensic Examiner Digital Forensics for Attorneys Overview of Digital Forensics Digital Forensics For Attorneys Overview of Digital Forensics Types of Digital Evidence Acquisition (Collection) and Preservation Experts, Evidence and Analysis Understand Forensic Experts vs. Computer Experts Digital evidence: discovery and usage Overview of Digital Forensics Analysis Challenging Digital Evidence In The Beginning Digital Footprints Digital evidence in 80% of cases 5+ billion cell phone subscriptions Digital Forensics Not Only Computers Computer Forensics Computers and Data Storage Devices Hard drives, USB thumb drives, Backup Tapes, Media cards Social Media Forensics Facebook, Twitter, Chat, MySpace, Internet Presence on Blogs, Message Boards Forensics Back tracking s recovery authentication By 2013 there will be over 1 trillion devices connected to the Internet 1
2 Digital Forensics The Sub-Disciplines Peer to Peer Forensics File sharing via Limewire, BitTorrent, Gigatribe, itunes, others Cell Phone Forensics Call logs, contacts, text messages, pictures, movies, geolocation Cellular Evidence Forensics Cell phone record analysis, Cell phone ping analysis, Cell tower mapping Typical Case Types: Murder, Kidnapping, Drugs Digital Forensics The Sub Disciplines Digital Video and Image Forensics Security Video, Camera Video, Pictures Audio Forensics Police Interviews, Police Radio Recordings, Wiretaps GPS (Global Positioning Systems) Data from GPS units, Logs from GPS tracking, House Arrest Some Basics Common Mistakes CPU Inside The Computer RAM Random Access Memory Only contains data while the computer is turned on. Temporary processing storage only used while operating the computer. Is cleared when the computer shuts down or re-starts. Calling these monitors, CPUs, Hard Drives, etc. CPU Central Processing Unit Only performs calculations. Stores nothing. The brain of the computer. Inside The Computer Inside The Computer Hard drives today can store millions of Pictures Music files Movies Passwords s Web Pages Chats These are hard drives too. The Hard Drive stores the evidence... 2
3 Digital Evidence Digital Evidence Digital Evidence Digital Evidence Overview Digital Forensics Four Primary Areas of Focus Acquisition (Collection) Obtaining the original evidence items Making forensic copies of original evidence Preservation Protecting the original evidence items Analysis Finding evidence Presentation Reporting findings and testimony Digital Forensics Foundations The foundation of digital forensics is the ability to collect, preserve and recover data in a forensically sound manner. Forensic Processes and Tools must be: 1. Predictable 2. Repeatable 3. Verifiable Forensic Documentation must include: Unbroken Chain of Custody Documentation of all actions taken Digital Forensics The Sub-Disciplines Computer Forensics Computers and Data Storage Devices Typical Case Types: All Social Media Forensics Facebook, Twitter, Chat, MySpace, Internet Presence on Blogs, Message Boards Typical Case Types: Infidelity, Libel and Slander, Employee Wrongdoing Forensics Back tracking s recovery Typical Case Types: Murder, Rape, Infidelity, Sexual Harassment, Child Pornography Digital Forensics The Sub-Disciplines Peer to Peer Forensics File sharing via Limewire, BitTorrent, others Typical Case Types: Child Pornography, Copyright Violations, Data Theft Cell Phone Forensics Call logs, contacts, text messages, pictures, movies, geo-location Typical Case Types: Murder, Sexting, Infidelity, Rape, Kidnapping, Drugs Cellular Evidence Forensics Cell phone record analysis, Cell phone ping analysis, Cell tower mapping Typical Case Types: Murder, Kidnapping, Drugs Digital Forensics The Sub Disciplines Digital Video and Image Forensics Security Video, Camera Video, Pictures Typical Case Types: Murder, Theft, Employee Misconduct, Wrongful Death Audio Forensics Police Interviews, Police Radio Recordings, Wiretaps Typical Case Types: Murder, Conspiracy, Wrongful Death GPS (Global Positioning Systems) Data from GPS units, Logs from GPS tracking, House Arrest Typical Case Types: Murder, Parole Violations, Kidnapping 3
4 Acquiring (Collecting) and Handling Digital Evidence Digital forensics requires forensically sound acquisitions. Defensible Practices Proper Chain of Custody Verification of evidence Proper documentation Acquisition (Collection) First contact with the original evidence. Most critical time for protecting the originals. Most likely time for police or others to damage or change evidence. General rules MUST be followed to preserve and protect evidence during this critical first response period. First point in establishing chain of custody. Polices for Law Enforcement are published by the National Institute for Justice Acquisition (Collection) First responders should be trained to handle this type of evidence. Digital evidence is fragile. Digital evidence is easily altered if not handled properly. Simply turning a computer on or operating the computer changes and damages evidence. This is Not Forensically Sound What Is Forensically Sound? This is ForensicallySound Verification Must Be Done 4
5 Organization of Logical Data on a Hard Drive Physical Acquisition A complete mirror image of the physical storage media, also referred to as a bit-stream copy. Gets everything, including deleted data and unallocated space Collected in forensic format that is easily verifiable Meets the standards for original evidence Supports full chain of custody Cannot be contaminated. Two Types of Deleted Data Preservation Once digital evidence is seized it must be handled carefully to preserve and protect the evidence. Everything should be tagged. No one should operate or preview any evidence on writable media without proper tools and training. Forensically sound copies of all original evidence must be made before analysis. Records must be kept. Fragile Nature of Digital Evidence The simple act of turning a computer on can destroy or change critical evidence and render that evidence useless. Maryland State Police -- Criminal Enforcement Command --Computer Crimes Unit Even the normal operation of the computer can destroy computer evidence that might be lurking in unallocated space, file slack, or in the Windows swap file. Computer Forensics, Computer Crime Scene Investigation, 2nd2 Ed. John R. Vacca 5
6 Fragile Nature of Digital Evidence The next 3 slides demonstrate what happens when you operate a computer. Evidence is modified. Evidence is destroyed. Source: Preservation of Fragile ---- Digital Evidence by First Responders --- Special Agent Jesse Kornblum ----Air Force Office of Special Investigations Files In Original Condition Files After Opening and Viewing The last accessed date and time changes any time a file is opened and viewed while the computer is in operation. Exception is Windows Vista and Newer Files After Saving The last written (Last modified) date and time changes any time a file is saved or copied while the computer is in operation. And for other reasons, Other Digital Evidence Global Position Systems (GPS) Units (location data) Vehicle Black Boxes (trucking industry) ipods (employee theft) Digital Cameras (sex crimes) Security Cameras (robberies, wrongful death) Audio Recordings (wrongful death, terrorism, murder, defendant interviews) Game Consoles (murder) Security Systems (murder) Back up Tapes (data recovery, fraud) Experts Defendant as Expert Why a Forensics Expert? Computer Forensics Expert Should have comparable or better training and experience than the other expert. Should have specific training and experience as a digital forensics expert Should have access to the same tools as the opposing expert Must be able to qualify as a forensic expert in court 6
7 Technical Expertise Comparison Legal Expertise Comparison Investigative Expertise Comparison Computer Experts No training in examination or investigation Get caught up in what-ifs that have no bearing on the case Do not know where to look for evidence Digital Forensics Experts Examination is targeted to the device, operating system and type of case Certifications Forensic Tools Do they have appropriate forensic tools and know how to use them? Selecting a Digital Forensics Expert - Required to perform many digital forensic functions - Computer Forensics (EnCase, FTK) - Cell Phone Forensics (CelleBrite, Paraben, Susteen) - Almost always needed to perform forensically sound acquisitions and examinations. Selecting an Expert: Overview 1. Actual training in digital forensics and sub-disciplines? 2. Digital Forensics certifications? Or just computer based certifications? 3. Actual case experience? 4. Recommendation letters from other professionals, particularly attorneys? 5. Background check? 6. References? Selecting an Expert: Overview RALEIGH (WTVD) --The defense asked for a mistrial Tuesday in the Brad Cooper murder trial. The move came as the first witness for the defense endured a withering examination by the prosecution on his qualifications to testify as an expert. James Ward of WireGhost Security told the court he was an expert in computer network security, but the prosecution questioned his qualifications to testify about Cooper's computers as a forensics expert. Selecting an Expert: Overview Arguing before Gessner Tuesday, the prosecution said Ward lacked the proper education and experience to say there was evidence of computer tampering. "He has a home lab. He borrowed his tools from Cisco. He doesn't know what software he used," said prosecutor Boz Zellinger. Zellinger said the prosecution and defense should be held to the same standards on expert witnesses, and Ward falls short. "I would be laughed out of this building," said Zellinger. Gessner ruled that Ward could testify about network security, but he could not testify about the FBI reports on Cooper's computers. Defense computer expert James Ward (WTVD Photo) 7
8 Spotting a Problem Expert Attitude: How does the expert interact with your team? 1. Arrogant or superior? 2. Does he or she take the time to explain to properly explain technical concepts in easy to understand language? The Bull Factor 1. If an expert does not have the answer to a question, does he or she try to convince you that they do anyway? 2. Great risk when testifying. 3. Use of jargon to cover up ignorance. Expectations of a Forensics Expert Computer Forensics Expert Expected to Anticipate testimony of opposing expert based on the forensic reports and discovery Duplicate and verify the opposing expert s work Assist the attorney in preparation for trial Advise the attorney as to the merits of the case in regards to the digital evidence presented. Write direct and cross exam questions Analysis Analyzing the Case Always work the case like you are the primary examiner. Never assume anything. Check all the points in the case where mistakes are normally made: Chain of custody. Examination standard procedures. RTC verified for all evidence containing clocks. Evidence handling at the scene. Was everything examined. Claims made in the forensics report. Pay particular attention to keyword search results, internet history results, link files, etc. Placing the defendant at the computer. Performing the Analysis Step one: Verify the accuracy of their findings Did they represent their findings correctly? How thorough was the examination? Verify the completeness of their report Is everything they found in the report?» Why or why not? Was exculpatory evidence ignored or missed? Establishing a framework for analysis Reading discovery documents Reading the computer forensics reports What claims are being made? What statements were made? What facts support the claims and which do not? What clues can lead to a more thorough digital analysis? Defendant's statements Witness statements Police statements and interviews Call center records Search warrants and subpoenas Other supporting documents Law Enforcement's computer forensics report Case Analysis Examples Document Metadata Example 8
9 Picture Metadata Example Picture Metadata Example Internet History Before Clearing Internet History After Clearing Challenging the evidence What the heck is unallocated space?» Unallocated space is areas on the hard drive that are available to store data.» When a file is deleted, it is only marked as deleted, so the old data remains on the hard drive in the unallocated space.» Forensic tools can recover files from this unallocated area of the hard drive.» Files recovered from unallocated space do not contain:» Dates or times.» Original file names» Original location on the hard drive. Contact Information: Guardian Digital Forensics Questions? 9
About Your Presenter. Digital Forensics For Attorneys. Overview of Digital Forensics
Larry E. Daniel, EnCE, DFCP, BCE Digital Forensic Examiner Digital Forensics for Attorneys An Overview of Digital Forensics About Your Presenter EnCase Certified Examiner (EnCE) Digital Forensics Certified
More information10/11/2012. Digital Forensics for Attorneys - Part 2. Digital Forensics For Attorneys. Experts. Larry E. Daniel, EnCE, DFCP, BCE
Larry E. Daniel, EnCE, DFCP, BCE Digital Forensics for Attorneys - Part 2 Experts, Analysis, Challenging Evidence Digital Forensics For Attorneys Part I Overview of Digital Forensics Types of Digital Evidence
More informationDigital Forensics for Attorneys - Part 2
Lars Daniel, EnCE Digital Forensics for Attorneys - Part 2 Experts, Analysis, Challenging Evidence Digital Forensics For Attorneys Part I Overview of Digital Forensics Types of Digital Evidence Acquisition
More informationDigital Forensics. Larry Daniel
Digital Forensics Larry Daniel Introduction A recent research report from The Yankee Group found that 67.6 percent of US households in 2002 contained at least one PC The investigators foresee three-quarters
More informationCell Phone Forensics For Legal Professionals
1 Cell Phone Forensics For Legal Professionals Lars E. Daniel, EnCE, ACE, AME, CTNS, SCE, SCCM, SCA Digital Forensics Examiner Cell Phone Acquisition and Examination Collection and Acquiring Cell Phones
More informationOverview of Computer Forensics
Overview of Computer Forensics Don Mason, Associate Director National Center for Justice and the Rule of Law University of Mississippi School of Law [These materials are based on 4.3.1-4.3.3 in the National
More informationMSc Computer Security and Forensics. Examinations for 2009-2010 / Semester 1
MSc Computer Security and Forensics Cohort: MCSF/09B/PT Examinations for 2009-2010 / Semester 1 MODULE: COMPUTER FORENSICS & CYBERCRIME MODULE CODE: SECU5101 Duration: 2 Hours Instructions to Candidates:
More informationThe Proper Acquisition, Preservation, & Analysis of Computer Evidence: Guidelines & Best-Practices
The Proper Acquisition, Preservation, & Analysis of Computer Evidence: Guidelines & Best-Practices Introduction As organizations rely more heavily on technology-based methods of communication, many corporations
More informationLecture outline. Computer Forensics and Digital Investigation. Defining the word forensic. Defining Computer forensics. The Digital Investigation
Computer Forensics and Digital Investigation Computer Security EDA263, lecture 14 Ulf Larson Lecture outline! Introduction to Computer Forensics! Digital investigation! Conducting a Digital Crime Scene
More informationDigital Evidence Collection and Use. CS 585 Fall 2009
Digital Evidence Collection and Use CS 585 Fall 2009 Outline I. II. III. IV. Disclaimers Crime Scene Processing Legal considerations in Processing Digital Evidence A Question for Discussion Disclaimers
More informationUSES OF INTERNET TECHNOLOGIES IN CHILD SEXUAL ABUSE CASES. Peer to Peer Networking TYPES OF TECHNOLOGY. Presentation Supplement. How can it be used?
TYPES OF TECHNOLOGY Peer to Peer Networking Networks in which computers are equal partners using common file sharing programs that allow users to connect directly to each other s computer hard drive to
More informationIntroduction to Data Forensics. Jeff Flaig, Security Consultant January 15, 2014
Introduction to Data Forensics Jeff Flaig, Security Consultant January 15, 2014 WHAT IS COMPUTER FORENSICS Computer forensics is the process of methodically examining computer media (hard disks, diskettes,
More informationCertified Digital Forensics Examiner
Certified Digital Forensics Examiner Course Name: CDFE V6.0 Duration: Language: 5 days English Format: Instructor-led (Lecture and Lab) Prerequisite: Experience in using a computer Student Materials: Student
More informationCertified Digital Forensics Examiner
Certified Digital Forensics Examiner Course Name: CDFE V6.0 Duration: Language: 5 days English Format: Instructor-led (Lecture and Lab) Prerequisite: Experience in using a computer Student Materials: Student
More informationBreakfast Meeting: Securing your Secured Data Digital Forensics, Fraud and Forensic Advancements
Breakfast Meeting: Securing your Secured Data Digital Forensics, Fraud and Forensic Advancements 9 April 2013 Facilitator: Dr. Sheau-Dong Lang, Coordinator Master of Science in Digital Forensics University
More informationChapter 7 Securing Information Systems
1 Chapter 7 Securing Information Systems LEARNING TRACK 3: COMPUTER FORENSICS For thirty years, a serial murderer known as the BTK killer (standing for bind, torture, and kill) remained at large in Wichita,
More informationComputer Forensics as an Integral Component of the Information Security Enterprise
Computer Forensics as an Integral Component of the Information Security Enterprise By John Patzakis 10/28/03 I. EXECUTIVE SUMMARY In addition to fending off network intrusions and denial of service attacks,
More informationDigital Forensics & e-discovery Services
Digital Forensics & e-discovery Services U.S. Security Associates Digital Forensics & e-discovery Services 21st century fraud investigations require expert digital forensics skills to deal with the complexities
More informationIAPE STANDARDS SECTION 16 DIGITAL EVIDENCE
IAPE STANDARDS SECTION 16 DIGITAL EVIDENCE IAPE STANDARD SECTION 16.1 DIGITAL EVIDENCE Standard: Digital evidence is a critical element of modern criminal investigation that should be maintained in strict
More informationDigital Forensics & e-discovery Services
Digital Forensics & e-discovery Services Andrews International Digital Forensics & e-discovery Services 21st century fraud investigations require expert digital forensics skills to deal with the complexities
More informationComputer Forensics and What Is, and Is Not, There on Your Client s Computer. Rick Lavaty, Computer Systems Administrator, District of Arizona
Computer Forensics and What Is, and Is Not, There on Your Client s Computer Rick Lavaty, Computer Systems Administrator, District of Arizona Eddy Archibeque, Computer Systems Administrator, District of
More informationHands-On How-To Computer Forensics Training
j8fm6pmlnqq3ghdgoucsm/ach5zvkzett7guroaqtgzbz8+t+8d2w538ke3c7t 02jjdklhaMFCQHihQAECwMCAQIZAQAKCRDafWsAOnHzRmAeAJ9yABw8v2fGxaq skeu29sdxrpb25zidxpbmznogtheories...ofhilz9e1xthvqxbb0gknrc1ng OKLbRXF/j5jJQPxXaNUu/It1TQHSiyEumrHNsnn65aUMPnrbVOVJ8hV8NQvsUE
More informationServices. Computer Forensic Investigations
DataTriangle, Inc. is uniquely structured to provide you with a high quality expert as expeditiously as possible. Charles Snipes has nearly 15 years of experience with criminal investigations in the areas
More informationHow To Be A Computer Forensics Examiner
Richard A. Peacock 410.346.7288 (Office) 443.398.5246 (Cell) rich@realforensicanalysis.com EnCase Certified Examiner (EnCE) Access Data Certified Examiner (ACE) Access Data Mobile Phone Certified Examiner
More informationComputer Forensic Capabilities
Computer Forensic Capabilities Agenda What is computer forensics? Where to find computer evidence Forensic imaging Forensic analysis What is Computer Forensics? The preservation, identification, extraction,
More informationRunning head: DIGITAL EVIDENCE: 1
Running head: DIGITAL EVIDENCE: 1 Digital Evidence: How can the Des Moines Fire Department utilize this evidence in fire investigations? Mark Dooley Des Moines Fire Department, Des Moines, IA DIGITAL EVIDENCE:
More informationEC-Council Ethical Hacking and Countermeasures
EC-Council Ethical Hacking and Countermeasures Description This class will immerse the students into an interactive environment where they will be shown how to scan, test, hack and secure their own systems.
More informationPresentation Title Presentation Subtitle. The Unique Alternative to the Big Four
Presentation Title Presentation Subtitle The Unique Alternative to the Big Four Speaker Biography Tim L. Bryan, CPA/CFF/CITP, CISA, EnCE Senior Manager, Crowe Horwath LLP Forensic Technology Services Leader
More informationCriminal Investigation CRJ141. Matthew McCarty
Criminal Investigation CRJ141 Matthew McCarty Chapter 1 Criminal Investigation: An Overview CSI Effect The exaggerated depiction of how television forensic science operates, creating a phenomenon in which
More informationCertified Digital Forensics Examiner
Cyber Security Training & Consulting Certified Digital COURSE OVERVIEW 5 Days 40 CPE Credits $3,000 Digital is the investigation and recovery of data contained in digital devices. This data is often the
More informationDecades of Successful Sex Crimes Defense Contact the Innocence Legal Team Now
Criminal Court Felonies The U.S. has the highest rate of felony conviction and imprisonment of any industrialized nation. A felony crime is more serious than a misdemeanor, but the same offense can be
More informationITM 642: Digital Forensics Sanjay Goel School of Business University at Albany, State University of New York
INSTRUCTOR INFORMATION Name: Sanjay Goel Email: goel@albany.edu Phone: (518) 442-4925 Office Location: BA 310b, University at Albany Office Hours: TBD CLASS INFORMATION Time: N/A Location: Online Dates:
More informationForensic Photographic Comparison Analysis
Forensic Photographic Comparison Analysis Richard W. Vorder Bruegge, Ph.D. Examiner of Questioned Photographic Evidence FBI Operational Technology Division Forensic Audio, Video and Image Analysis Unit
More informationHow To Solve A Violent Home Invasion With A United Force
Use Case SOLVING VIOLENT CRIMES WITH A UNIFIED WORKFLOW In a Violent Home Invasion Investigation, the UFED Series Seamlessly Unifies Workflows from Field to Lab A series of violent home invasions has everyone
More informationVI. Preparing for Successful Prosecution
VI. Preparing for Successful Prosecution Prosecutors at all levels share law enforcement s challenges in successfully bringing often complex identity crime cases to closure. Key challenges cited by members
More informationCAPABILITY STATEMENT. > Forensic Technology Team < Daniel Hains, Director t (07) 3228 4028 e dhains@vincents.com.au w www.vincents.com.
CAPABILITY STATEMENT > Forensic Technology Team < Daniel Hains, Director t (07) 3228 4028 e dhains@vincents.com.au w www.vincents.com.au CAPABILITY FORENSIC TECHNOLOGY INDEX Page No. Introduction... 3
More informationComputer Forensics Processing Checklist. Pueblo High-Tech Crimes Unit
Computer Forensics Processing Checklist Pueblo High-Tech Crimes Unit Cmdr. Dave Pettinari Pueblo County Sheriff's Office davepet@cops.org The purpose of this document is to provide computer forensic technicians
More informationLawrence Police Department Administrative Policy. August 2013
Lawrence Police Department Administrative Policy SUBJECT Competencies APPLIES TO All Personnel EFFECTIVE DATE REVISED DATE August 2013 APPROVED BY Chief of Police TOTAL PAGES 4 POLICY CHAPTER 10 Competencies
More informationPresented by: Greg Chatten, CEO Forensic Computer Service, Inc. 636.273.4400 gchatten@forensiccomputerservice.com (c) Forensic Computer Service, Inc.
Presented by: Greg Chatten, CEO Forensic Computer Service, Inc. 636.273.4400 gchatten@forensiccomputerservice.com Before consumer electronics hit the world electronic recovery and examination of computer
More informationInformation Technology Audit & Forensic Techniques. CMA Amit Kumar
Information Technology Audit & Forensic Techniques CMA Amit Kumar 1 Amit Kumar & Co. (Cost Accountants) A perfect blend of Tax, Audit & Advisory services Information Technology Audit & Forensic Techniques
More informationNancy W. Peterson Forensic Biology Consultants, LLC July 7, 2011
Nancy W. Peterson Forensic Biology Consultants, LLC July 7, 2011 My Qualifications 20 years : Forensic Serology and DNA cases at the FDLE 30+ years: Training Forensic DNA Technologists & DNA Analysts 30+
More informationTo Catch a Thief: Computer Forensics in the Classroom
To Catch a Thief: Computer Forensics in the Classroom Anna Carlin acarlin@csupomona.edu Steven S. Curl scurl@csupomona.edu Daniel Manson dmanson@csupomona.edu Computer Information Systems Department California
More informationCRIMINAL LAW AND VICTIMS RIGHTS
Chapter Five CRIMINAL LAW AND VICTIMS RIGHTS In a criminal case, a prosecuting attorney (working for the city, state, or federal government) decides if charges should be brought against the perpetrator.
More informationBest Practices Page 1
BEST PRACTICES FOR ELECTRONIC DISCOVERY IN CRIMINAL CASES Western District of Washington Adopted March 21, 2013 These best practices reflect recommendations adopted in February 2012 by the Department of
More informationThe Rights of Crime Victims in Texas
The Rights of Crime Victims in Texas 1 Housekeeping Please turn off cell phones and pagers or place in a silent mode. Questions can be answered in presentations or during break. 2 Constitutional Rights
More informationSTATE OF NEVADA Department of Administration Division of Human Resource Management CLASS SPECIFICATION
STATE OF NEVADA Department of Administration Division of Human Resource Management CLASS SPECIFICATION TITLE GRADE EEO-4 CODE SUPERVISORY CRIMINAL INVESTIGATOR II 43* D 13.241 SUPERVISORY CRIMINAL INVESTIGATOR
More informationd CRIMINAL INVESTIGATION ADMINISTRATION OF JUSTICE 5 Spring 2015
d CRIMINAL INVESTIGATION ADMINISTRATION OF JUSTICE 5 Spring 2015 Instructor: Steven J. Katz West Los Angeles College Course Section No. 7574 MW 7:35am-9:10am ARTC E-mail: katzsj@wlac.edu Contact Telephone:
More informationCase 1:15-cr-00213-SJ Document 32 Filed 07/30/15 Page 1 of 5 PageID #: 102
Case 1:15-cr-00213-SJ Document 32 Filed 07/30/15 Page 1 of 5 PageID #: 102 U.S. Department of Justice United States Attorney Eastern District of New York DMP/JSC 271 Cadman Plaza East F. #2014R00196 Brooklyn,
More informationWhat is Digital Forensics?
DEVELOPING AN UNDERGRADUATE COURSE IN DIGITAL FORENSICS Warren Harrison PSU Center for Information Assurance Portland State University Portland, Oregon 97207 warren@cs.pdx.edu What is Digital Forensics?
More informationComputer Hacking Forensic Investigator v8
CÔNG TY CỔ PHẦN TRƯỜNG CNTT TÂN ĐỨC TAN DUC INFORMATION TECHNOLOGY SCHOOL JSC LEARN MORE WITH LESS! Computer Hacking Forensic Investigator v8 Course Description: EC-Council releases the most advanced Computer
More informationhttps://agency.governmentjobs.com/dakota/job_bulletin.cfm?jobid=1017820
Page 1 of 5 DAKOTA COUNTY Employee Relations Administration Center, 1590 Highway 55 Hastings, MN 55033-2372 651.438.4435 http://www.dakotacounty.us INVITES APPLICATIONS FOR THE POSITION OF: Electronic
More informationComputer Forensics. Computer Forensics: History, Tools and Outlooks. By John Burns IT-103-002. Research Paper
1 Computer Forensics: History, Tools and Outlooks By John Burns IT-103-002 Research Paper 02/25/2012 "By placing this statement on my webpage, I certify that I have read and understand the GMU Honor Code
More informationBDO CONSULTING FORENSIC TECHNOLOGY SERVICES
BDO CONSULTING FORENSIC TECHNOLOGY SERVICES MARCH 2013 AGENDA Introduction About BDO Consulting Computer Forensics & E-Discovery Practice Current Trends Case Studies Q&A Page 2 Michael Barba Managing Director,
More informationBattling Current Technological Trends
Law Enforcement Incident Response to Cybercrimes & Battling Current Technological Trends Corey J. Bourgeois, Computer Forensic Examiner & David Ferris, Investigator Louisiana Department of Justice HTCU
More informationCASCADE COUNTY ATTORNEY S OFFICE PARTNER/FAMILY MEMBER ASSAULT PROSECUTION PLAN
CASCADE COUNTY ATTORNEY S OFFICE PARTNER/FAMILY MEMBER ASSAULT PROSECUTION PLAN I. DEFINITIONS A. (a). Partner/Family Member Assault, 45-5-206 MCA, means the following, if committed against a partner or
More information5. MEDICAL AND CRIMINAL JUSTICE SYSTEM
5. MEDICAL AND CRIMINAL JUSTICE SYSTEM The Medical and Criminal Justice System section is for recording information about each client s experiences with those systems. This information is optional and
More informationITU Session Four: Device Imaging And Analysis. Mounir Kamal Q-CERT
ITU Session Four: Device Imaging And Analysis Mounir Kamal Q-CERT 2 Applying Forensic Science to Computer Systems Like a Detective, the archaeologist searches for clues in order to discover and reconstruct
More informationComputer Forensics and Investigations Duration: 5 Days Courseware: CT 0619217065
Computer Forensics and Investigations Duration: 5 Days Courseware: CT 0619217065 Introduction The Computer Forensics and Investigation course presents methods to properly conduct a computer forensics investigation
More informationComputer Forensics Today
L A W, I N V E S T I G A T I O N S, A N D E T H I C S Computer Forensics Today Kelly J. (KJ) Kuchta When people hear the word forensics, it often generates a mental image of the movie series with Jack
More informationS. Robert Radus, CPA CFE PI Curricula Vitae. Examination of plaintiff, respondent, and defendant books and records to determine:
S. Robert Radus, CPA CFE PI Curricula Vitae Catalogue of Forensic Accounting and Computer Services Examination of plaintiff, respondent, and defendant books and records to determine: 1. Violations of Law.
More informationIntroduction. IMF Conference September 2008
Live Forensic Acquisition as Alternative to Traditional Forensic Processes Marthie Lessing* Basie von Solms Introduction The Internet and technology developments introduced a sharp increase in computer
More informationCSN08101 Digital Forensics. Module Leader: Dr Gordon Russell Lecturers: Robert Ludwiniak
CSN08101 Digital Forensics Lecture 4A: Forensic Processes Module Leader: Dr Gordon Russell Lecturers: Robert Ludwiniak Forensics Processes - objectives Investigation Process Forensic Ethics Issues Forensic
More informationCERTIFIED DIGITAL FORENSICS EXAMINER
CERTIFIED DIGITAL FORENSICS EXAMINER KEY DATA Course Title: C)DFE Duration: 5 days CPE Credits: 40 Class Format Options: Instructor-led classroom Live Online Training Computer Based Training Who Should
More informationNational District Attorneys Association National Center for Prosecution of Child Abuse. Computer Forensics for Prosecutors
National District Attorneys Association National Center for Prosecution of Child Abuse Computer Forensics for Prosecutors February 18-19, 2013 Portland, Oregon Detective Michael Smith Computer Crimes &
More informationIncident Response and Forensics
Incident Response and Forensics Yiman Jiang, President and Principle Consultant Sumus Technology Ltd. James Crooks, Manager - Advisory Services PricewaterhouseCoopers LLP UBC 2007-04-12 Outline Computer
More informationInformation Technologies and Fraud
Information Technologies and Fraud Florin Gogoasa CISA, CFE, CGEIT, CRISC ACFE Romania - Founder and Board member Managing Partner Blue Lab Consulting Information Technologies for Fraud investigation A.
More informationKeywords: Computers, digital evidence, digital evidence bags, forensics, forensics tools
Computer Forensics Procedures, Tools, and Digital Evidence Bags 1 Computer Forensic Tools Keywords: Computers, digital evidence, digital evidence bags, forensics, forensics tools Computer Forensics Procedures,
More informationPlease Step Out of The Car
Urban Survival Guide: Please Step Out of The Car A Step by Step Guide Through The Los Angeles DUI & DMV Process MR DUI LA Attorney Mark Rosenfeld The Law Office of Mark Rosenfeld 800-9700-DUI (384) MRDUILA.com
More informationAttorney General Balderas Criminal Affairs Update to Courts, Corrections & Justice Interim Committee
FOR IMMEDIATE RELEASE: Contact: James Hallinan September 24, 2015 (505) 660-2216 Attorney General Balderas Criminal Affairs Update to Courts, Corrections & Justice Interim Committee Albuquerque, NM Today,
More informationInvestigation Techniques
Investigation Techniques Planning and Conducting a Fraud Examination 2013 Association of Certified Fraud Examiners, Inc. Fraud Examination Fraud examination refers to a process of resolving allegations
More informationQUALITY STANDARDS FOR DIGITAL FORENSICS
QUALITY STANDARDS FOR DIGITAL FORENSICS November 20, 2012 TABLE OF CONTENTS PREFACE... ii MANAGEMENT STANDARDS... 1 A. DIGITAL FORENSIC CAPABILITY... 1 B. QUALITY MANAGEMENT... 2 PERSONNEL STANDARDS...
More informationSensitive Incident Investigations. Digital Risk Management. Forensics Testing.
Sensitive Incident Investigations. Digital Risk Management. Forensics Testing. 2009 Innovation Award Winner Austin Chamber of Commerce 2010 Innovation Award Finalist Austin Chamber of Commerce Only private
More informationLance Eliot Sloves. Computer Forensic Services, Inc. 2807 Allen St. #743 E-mail: lancesl@cfsiusa.com
Lance Eliot Sloves Certified Computer Examiner (CCE, EnCE) Licensed Private Investigator, TX Testifying Expert Independent Government Contractor Active Top Secret/SSBI US Government Clearance Computer
More informationCYBER FORENSICS. KRISHNA SASTRY PENDYALA Cyber Forensic Division Central Forensic Science Laboratory Hyderabad.
CYBER FORENSICS KRISHNA SASTRY PENDYALA Cyber Forensic Division Central Forensic Science Laboratory Hyderabad. 11 DIGITAL EVIDENCE? Cyber crimes Digital evidence Digital evidence is any information of
More informationDigital Forensics Tutorials Acquiring an Image with FTK Imager
Digital Forensics Tutorials Acquiring an Image with FTK Imager Explanation Section Digital Forensics Definition The use of scientifically derived and proven methods toward the preservation, collection,
More informationTen Deadly Sins of Computer Forensics
Ten Deadly Sins of Computer Forensics Cyber criminals take advantage of the anonymity of the Internet to escape punishment. Computer Forensics has emerged as a new discipline to counter cyber crime. This
More informationDomestic Violence Case Management Plan
Domestic Violence Case Management Plan From the commencement of litigation to its resolution, whether by trial or settlement, it is the goal of this Court to reduce delay and enable just and efficient
More informationSUMMARY SELECTED EXAMPLE ENGAGEMENTS. Jerry Hatchett
SUMMARY Mr. Hatchett consults in the areas of digital forensics and electronic providing assistance to law firms, businesses of all sizes, federal and state courts, and foreign and domestic governmental
More informationSTATE POLICE TROOPER
JOB DESCRIPTION MICHIGAN CIVIL SERVICE COMMISSION JOB SPECIFICATION STATE POLICE TROOPER Employees in this job are police officers, responsible for the enforcement of all traffic and criminal laws of the
More informationKIMMONS INVESTIGATIVE SERVICES, INC. Texas Largest & Most Experienced Investigative Firm
KIMMONS INVESTIGATIVE SERVICES, INC. Texas Largest & Most Experienced Investigative Firm HOUSTON AUSTIN KIMMONS INVESTIGATIVE SERVICES, INC. HIGHLY RESPECTED, SKILLED TEAM OF INVESTIGATORS Rob Kimmons,
More informationCOMMONWEALTH OF MASSACHUSETTS THE TRIAL COURT STANDING ORDER NO. 2-86 (AMENDED)
COMMONWEALTH OF MASSACHUSETTS THE TRIAL COURT SUFFOLK, ss. SUPERIOR COURT DEPARTMENT STANDING ORDER NO. 2-86 (AMENDED) Applicable to All Counties to cases initiated by indictment on or after September
More informationKIMMONS INVESTIGATIVE SERVICES, INC.
KIMMONS INVESTIGATIVE SERVICES, INC. Texas Largest & Most Experienced Investigative Firm HOUSTON AUSTIN National & Worldwide Affiliates KIMMONS INVESTIGATIVE SERVICES, INC. HIGHLY RESPECTED, SKILLED TEAM
More informationSTATE OF NEVADA Department of Administration Division of Human Resource Management CLASS SPECIFICATION
STATE OF NEVADA Department of Administration Division of Human Resource Management CLASS SPECIFICATION TITLE GRADE EEO-4 CODE AG Deputy Chief Investigator 42 D 13.246 SERIES CONCEPT Criminal Investigators
More informationC RIMINAL LAW O V E RVIEW OF T H E T E XAS C RIMINAL J USTICE P ROCESS
T E X A S Y O U N G L A W Y E R S A S S O C I A T I O N A N D S T A T E B A R O F T E X A S C RIMINAL LAW 1 0 1 : O V E RVIEW OF T H E T E XAS C RIMINAL J USTICE P ROCESS A C RIMINAL LAW 1 0 1 Prepared
More informationA Victim s Guide to Understanding the Criminal Justice System
A Victim s Guide to Understanding the Criminal Justice System The Bartholomew County Prosecutor s Office Victim Assistance Program Prosecutor: William Nash 234 Washington Street Columbus, IN 47201 Telephone:
More informationResponsible use of ICT Devices Agreement
Responsible use of ICT Devices Agreement This document is comprised of this cover page and three sections: Section A: Section B: Section C: Introduction Cybersafety Rules for Junior Primary Students Cybersafety
More informationWILLIAM OETTINGER PHONE (702) 292-4645 WOETTINGER@GMAIL.COM
WILLIAM OETTINGER PHONE (702) 292-4645 WOETTINGER@GMAIL.COM SUMMARY OF QUALIFICATIONS Veteran investigator in a traditional and computer-related environment. A leader experienced in organizing, directing,
More informationIN THE CIRCUIT COURT OF THE CITY OF ST. LOUIS STATE OF MISSOURI ) ) ) ) ) ) ) ) ) PLAINTIFF'S INTERROGATORIES DIRECTED TO DEFENDANT
IN THE CIRCUIT COURT OF THE CITY OF ST. LOUIS STATE OF MISSOURI, Plaintiff, vs., Defendant. Cause No. Division No. PLAINTIFF'S INTERROGATORIES DIRECTED Comes now plaintiff and, in accordance with the Missouri
More informationBuild Stronger Cases with Mobile Device Link Analysis
White Paper Build Stronger Cases with Mobile Device Link Analysis How data from mobile devices reveals the patterns of life that can make for stronger proactive and reactive investigations - on the street
More informationImmigration and Customs Enforcement Forensic Analysis of Electronic Media
for the Immigration and Customs Enforcement Forensic Analysis of Electronic Media DHS/ICE/PIA-042 May 11, 2015 Contact Point Peter T. Edge Executive Assistant Director Homeland Security Investigations
More informationJOB TITLE JOB CODE PAY GRADE EFFECTIVE Medicaid Fraud Intake Officer 26140AG 29 11/15/2015
`STATE OF OHIO (DAS) CLASSIFICATION SPECIFICATION SERIES PURPOSE CLASSIFICATION SERIES Medicaid Special Agent MAJOR AGENCIES Attorney General Only SERIES NUMBER 2614AG EFFECTIVE 11/15/2015 The purpose
More informationInformation for Crime Victims and Witnesses
Office of the Attorney General Information for Crime Victims and Witnesses MARCH 2009 LAWRENCE WASDEN Attorney General Criminal Law Division Special Prosecutions Unit Telephone: (208) 332-3096 Fax: (208)
More informationMINNESOTA JUDICIAL TRAINING UPDATE
MINNESOTA JUDICIAL TRAINING UPDATE CRIMINAL VOIR DIRE QUESTIONS ASKED BY THE COURT THE MN SUPREME COURT TASK FORCE ON JURY SELECTION HAS RECOMMENDED THAT JUDGES BE MORE PROACTIVE IN ASKING INITIAL QUESTIONS
More informationChapter 4 Crimes (Review)
Chapter 4 Crimes (Review) On a separate sheet of paper, write down the answer to the following Q s; if you do not know the answer, write down the Q. 1. What is a crime? 2. There are elements of a crime.
More informationHow is Your Company Positioned to Deal With Law Enforcement?
How is Your Company Positioned to Deal With Law Enforcement? Tim Proffitt September 2009 GIAC GSEC, GCIH, GCPM, GSLC, GLEG, GSNA SANS Technology Institute - Candidate for Master of Science Degree 1 1 Introduction
More informationDIGITAL FORENSIC INVESTIGATION, COLLECTION AND PRESERVATION OF DIGITAL EVIDENCE. Vahidin Đaltur, Kemal Hajdarević,
DIGITAL FORENSIC INVESTIGATION, COLLECTION AND PRESERVATION OF DIGITAL EVIDENCE Vahidin Đaltur, Kemal Hajdarević, Internacional Burch University, Faculty of Information Technlogy 71000 Sarajevo, Bosnia
More information24/7 High Tech Crime Network
24/7 High Tech Crime Network Albert Rees Computer Crime & Intellectual Property Section Criminal Division, U.S. Department of Justice 24/7 Network The G-8 24/7 Network for Data Preservation Points of contact
More informationI. ELIGIBILITY FOR BOTH PRE-CHARGE AND POST-CHARGE DIVERSION: 1. Admit guilt and acknowledge responsibility for their action.
ANOKA COUNTY ADULT CRIMINAL DIVERSION PLAN Effective July 1, 1994 - Revised 8/1/02, 9/5/07, 9/11/08 (Revisions apply only to crimes occurring on or after 9/1/08). The following plan has been developed
More informationCounty of Monterey DISTRICT ATTORNEY INVESTIGATOR I
DISTRICT ATTORNEY INVESTIGATOR I DEFINITION Under supervision, investigates cases of suspected welfare fraud and other criminal activity to obtain facts and evidence in support of administrative action
More information