Digital Forensics for Attorneys Overview of Digital Forensics

Size: px
Start display at page:

Download "Digital Forensics for Attorneys Overview of Digital Forensics"

Transcription

1 Lars Daniel,, EnCE, ACE, CTNS Digital Forensic Examiner Digital Forensics for Attorneys Overview of Digital Forensics Digital Forensics For Attorneys Overview of Digital Forensics Types of Digital Evidence Acquisition (Collection) and Preservation Experts, Evidence and Analysis Understand Forensic Experts vs. Computer Experts Digital evidence: discovery and usage Overview of Digital Forensics Analysis Challenging Digital Evidence In The Beginning Digital Footprints Digital evidence in 80% of cases 5+ billion cell phone subscriptions Digital Forensics Not Only Computers Computer Forensics Computers and Data Storage Devices Hard drives, USB thumb drives, Backup Tapes, Media cards Social Media Forensics Facebook, Twitter, Chat, MySpace, Internet Presence on Blogs, Message Boards Forensics Back tracking s recovery authentication By 2013 there will be over 1 trillion devices connected to the Internet 1

2 Digital Forensics The Sub-Disciplines Peer to Peer Forensics File sharing via Limewire, BitTorrent, Gigatribe, itunes, others Cell Phone Forensics Call logs, contacts, text messages, pictures, movies, geolocation Cellular Evidence Forensics Cell phone record analysis, Cell phone ping analysis, Cell tower mapping Typical Case Types: Murder, Kidnapping, Drugs Digital Forensics The Sub Disciplines Digital Video and Image Forensics Security Video, Camera Video, Pictures Audio Forensics Police Interviews, Police Radio Recordings, Wiretaps GPS (Global Positioning Systems) Data from GPS units, Logs from GPS tracking, House Arrest Some Basics Common Mistakes CPU Inside The Computer RAM Random Access Memory Only contains data while the computer is turned on. Temporary processing storage only used while operating the computer. Is cleared when the computer shuts down or re-starts. Calling these monitors, CPUs, Hard Drives, etc. CPU Central Processing Unit Only performs calculations. Stores nothing. The brain of the computer. Inside The Computer Inside The Computer Hard drives today can store millions of Pictures Music files Movies Passwords s Web Pages Chats These are hard drives too. The Hard Drive stores the evidence... 2

3 Digital Evidence Digital Evidence Digital Evidence Digital Evidence Overview Digital Forensics Four Primary Areas of Focus Acquisition (Collection) Obtaining the original evidence items Making forensic copies of original evidence Preservation Protecting the original evidence items Analysis Finding evidence Presentation Reporting findings and testimony Digital Forensics Foundations The foundation of digital forensics is the ability to collect, preserve and recover data in a forensically sound manner. Forensic Processes and Tools must be: 1. Predictable 2. Repeatable 3. Verifiable Forensic Documentation must include: Unbroken Chain of Custody Documentation of all actions taken Digital Forensics The Sub-Disciplines Computer Forensics Computers and Data Storage Devices Typical Case Types: All Social Media Forensics Facebook, Twitter, Chat, MySpace, Internet Presence on Blogs, Message Boards Typical Case Types: Infidelity, Libel and Slander, Employee Wrongdoing Forensics Back tracking s recovery Typical Case Types: Murder, Rape, Infidelity, Sexual Harassment, Child Pornography Digital Forensics The Sub-Disciplines Peer to Peer Forensics File sharing via Limewire, BitTorrent, others Typical Case Types: Child Pornography, Copyright Violations, Data Theft Cell Phone Forensics Call logs, contacts, text messages, pictures, movies, geo-location Typical Case Types: Murder, Sexting, Infidelity, Rape, Kidnapping, Drugs Cellular Evidence Forensics Cell phone record analysis, Cell phone ping analysis, Cell tower mapping Typical Case Types: Murder, Kidnapping, Drugs Digital Forensics The Sub Disciplines Digital Video and Image Forensics Security Video, Camera Video, Pictures Typical Case Types: Murder, Theft, Employee Misconduct, Wrongful Death Audio Forensics Police Interviews, Police Radio Recordings, Wiretaps Typical Case Types: Murder, Conspiracy, Wrongful Death GPS (Global Positioning Systems) Data from GPS units, Logs from GPS tracking, House Arrest Typical Case Types: Murder, Parole Violations, Kidnapping 3

4 Acquiring (Collecting) and Handling Digital Evidence Digital forensics requires forensically sound acquisitions. Defensible Practices Proper Chain of Custody Verification of evidence Proper documentation Acquisition (Collection) First contact with the original evidence. Most critical time for protecting the originals. Most likely time for police or others to damage or change evidence. General rules MUST be followed to preserve and protect evidence during this critical first response period. First point in establishing chain of custody. Polices for Law Enforcement are published by the National Institute for Justice Acquisition (Collection) First responders should be trained to handle this type of evidence. Digital evidence is fragile. Digital evidence is easily altered if not handled properly. Simply turning a computer on or operating the computer changes and damages evidence. This is Not Forensically Sound What Is Forensically Sound? This is ForensicallySound Verification Must Be Done 4

5 Organization of Logical Data on a Hard Drive Physical Acquisition A complete mirror image of the physical storage media, also referred to as a bit-stream copy. Gets everything, including deleted data and unallocated space Collected in forensic format that is easily verifiable Meets the standards for original evidence Supports full chain of custody Cannot be contaminated. Two Types of Deleted Data Preservation Once digital evidence is seized it must be handled carefully to preserve and protect the evidence. Everything should be tagged. No one should operate or preview any evidence on writable media without proper tools and training. Forensically sound copies of all original evidence must be made before analysis. Records must be kept. Fragile Nature of Digital Evidence The simple act of turning a computer on can destroy or change critical evidence and render that evidence useless. Maryland State Police -- Criminal Enforcement Command --Computer Crimes Unit Even the normal operation of the computer can destroy computer evidence that might be lurking in unallocated space, file slack, or in the Windows swap file. Computer Forensics, Computer Crime Scene Investigation, 2nd2 Ed. John R. Vacca 5

6 Fragile Nature of Digital Evidence The next 3 slides demonstrate what happens when you operate a computer. Evidence is modified. Evidence is destroyed. Source: Preservation of Fragile ---- Digital Evidence by First Responders --- Special Agent Jesse Kornblum ----Air Force Office of Special Investigations Files In Original Condition Files After Opening and Viewing The last accessed date and time changes any time a file is opened and viewed while the computer is in operation. Exception is Windows Vista and Newer Files After Saving The last written (Last modified) date and time changes any time a file is saved or copied while the computer is in operation. And for other reasons, Other Digital Evidence Global Position Systems (GPS) Units (location data) Vehicle Black Boxes (trucking industry) ipods (employee theft) Digital Cameras (sex crimes) Security Cameras (robberies, wrongful death) Audio Recordings (wrongful death, terrorism, murder, defendant interviews) Game Consoles (murder) Security Systems (murder) Back up Tapes (data recovery, fraud) Experts Defendant as Expert Why a Forensics Expert? Computer Forensics Expert Should have comparable or better training and experience than the other expert. Should have specific training and experience as a digital forensics expert Should have access to the same tools as the opposing expert Must be able to qualify as a forensic expert in court 6

7 Technical Expertise Comparison Legal Expertise Comparison Investigative Expertise Comparison Computer Experts No training in examination or investigation Get caught up in what-ifs that have no bearing on the case Do not know where to look for evidence Digital Forensics Experts Examination is targeted to the device, operating system and type of case Certifications Forensic Tools Do they have appropriate forensic tools and know how to use them? Selecting a Digital Forensics Expert - Required to perform many digital forensic functions - Computer Forensics (EnCase, FTK) - Cell Phone Forensics (CelleBrite, Paraben, Susteen) - Almost always needed to perform forensically sound acquisitions and examinations. Selecting an Expert: Overview 1. Actual training in digital forensics and sub-disciplines? 2. Digital Forensics certifications? Or just computer based certifications? 3. Actual case experience? 4. Recommendation letters from other professionals, particularly attorneys? 5. Background check? 6. References? Selecting an Expert: Overview RALEIGH (WTVD) --The defense asked for a mistrial Tuesday in the Brad Cooper murder trial. The move came as the first witness for the defense endured a withering examination by the prosecution on his qualifications to testify as an expert. James Ward of WireGhost Security told the court he was an expert in computer network security, but the prosecution questioned his qualifications to testify about Cooper's computers as a forensics expert. Selecting an Expert: Overview Arguing before Gessner Tuesday, the prosecution said Ward lacked the proper education and experience to say there was evidence of computer tampering. "He has a home lab. He borrowed his tools from Cisco. He doesn't know what software he used," said prosecutor Boz Zellinger. Zellinger said the prosecution and defense should be held to the same standards on expert witnesses, and Ward falls short. "I would be laughed out of this building," said Zellinger. Gessner ruled that Ward could testify about network security, but he could not testify about the FBI reports on Cooper's computers. Defense computer expert James Ward (WTVD Photo) 7

8 Spotting a Problem Expert Attitude: How does the expert interact with your team? 1. Arrogant or superior? 2. Does he or she take the time to explain to properly explain technical concepts in easy to understand language? The Bull Factor 1. If an expert does not have the answer to a question, does he or she try to convince you that they do anyway? 2. Great risk when testifying. 3. Use of jargon to cover up ignorance. Expectations of a Forensics Expert Computer Forensics Expert Expected to Anticipate testimony of opposing expert based on the forensic reports and discovery Duplicate and verify the opposing expert s work Assist the attorney in preparation for trial Advise the attorney as to the merits of the case in regards to the digital evidence presented. Write direct and cross exam questions Analysis Analyzing the Case Always work the case like you are the primary examiner. Never assume anything. Check all the points in the case where mistakes are normally made: Chain of custody. Examination standard procedures. RTC verified for all evidence containing clocks. Evidence handling at the scene. Was everything examined. Claims made in the forensics report. Pay particular attention to keyword search results, internet history results, link files, etc. Placing the defendant at the computer. Performing the Analysis Step one: Verify the accuracy of their findings Did they represent their findings correctly? How thorough was the examination? Verify the completeness of their report Is everything they found in the report?» Why or why not? Was exculpatory evidence ignored or missed? Establishing a framework for analysis Reading discovery documents Reading the computer forensics reports What claims are being made? What statements were made? What facts support the claims and which do not? What clues can lead to a more thorough digital analysis? Defendant's statements Witness statements Police statements and interviews Call center records Search warrants and subpoenas Other supporting documents Law Enforcement's computer forensics report Case Analysis Examples Document Metadata Example 8

9 Picture Metadata Example Picture Metadata Example Internet History Before Clearing Internet History After Clearing Challenging the evidence What the heck is unallocated space?» Unallocated space is areas on the hard drive that are available to store data.» When a file is deleted, it is only marked as deleted, so the old data remains on the hard drive in the unallocated space.» Forensic tools can recover files from this unallocated area of the hard drive.» Files recovered from unallocated space do not contain:» Dates or times.» Original file names» Original location on the hard drive. Contact Information: Guardian Digital Forensics Questions? 9

About Your Presenter. Digital Forensics For Attorneys. Overview of Digital Forensics

About Your Presenter. Digital Forensics For Attorneys. Overview of Digital Forensics Larry E. Daniel, EnCE, DFCP, BCE Digital Forensic Examiner Digital Forensics for Attorneys An Overview of Digital Forensics About Your Presenter EnCase Certified Examiner (EnCE) Digital Forensics Certified

More information

10/11/2012. Digital Forensics for Attorneys - Part 2. Digital Forensics For Attorneys. Experts. Larry E. Daniel, EnCE, DFCP, BCE

10/11/2012. Digital Forensics for Attorneys - Part 2. Digital Forensics For Attorneys. Experts. Larry E. Daniel, EnCE, DFCP, BCE Larry E. Daniel, EnCE, DFCP, BCE Digital Forensics for Attorneys - Part 2 Experts, Analysis, Challenging Evidence Digital Forensics For Attorneys Part I Overview of Digital Forensics Types of Digital Evidence

More information

Digital Forensics for Attorneys - Part 2

Digital Forensics for Attorneys - Part 2 Lars Daniel, EnCE Digital Forensics for Attorneys - Part 2 Experts, Analysis, Challenging Evidence Digital Forensics For Attorneys Part I Overview of Digital Forensics Types of Digital Evidence Acquisition

More information

Digital Forensics. Larry Daniel

Digital Forensics. Larry Daniel Digital Forensics Larry Daniel Introduction A recent research report from The Yankee Group found that 67.6 percent of US households in 2002 contained at least one PC The investigators foresee three-quarters

More information

Cell Phone Forensics For Legal Professionals

Cell Phone Forensics For Legal Professionals 1 Cell Phone Forensics For Legal Professionals Lars E. Daniel, EnCE, ACE, AME, CTNS, SCE, SCCM, SCA Digital Forensics Examiner Cell Phone Acquisition and Examination Collection and Acquiring Cell Phones

More information

Overview of Computer Forensics

Overview of Computer Forensics Overview of Computer Forensics Don Mason, Associate Director National Center for Justice and the Rule of Law University of Mississippi School of Law [These materials are based on 4.3.1-4.3.3 in the National

More information

MSc Computer Security and Forensics. Examinations for 2009-2010 / Semester 1

MSc Computer Security and Forensics. Examinations for 2009-2010 / Semester 1 MSc Computer Security and Forensics Cohort: MCSF/09B/PT Examinations for 2009-2010 / Semester 1 MODULE: COMPUTER FORENSICS & CYBERCRIME MODULE CODE: SECU5101 Duration: 2 Hours Instructions to Candidates:

More information

The Proper Acquisition, Preservation, & Analysis of Computer Evidence: Guidelines & Best-Practices

The Proper Acquisition, Preservation, & Analysis of Computer Evidence: Guidelines & Best-Practices The Proper Acquisition, Preservation, & Analysis of Computer Evidence: Guidelines & Best-Practices Introduction As organizations rely more heavily on technology-based methods of communication, many corporations

More information

Lecture outline. Computer Forensics and Digital Investigation. Defining the word forensic. Defining Computer forensics. The Digital Investigation

Lecture outline. Computer Forensics and Digital Investigation. Defining the word forensic. Defining Computer forensics. The Digital Investigation Computer Forensics and Digital Investigation Computer Security EDA263, lecture 14 Ulf Larson Lecture outline! Introduction to Computer Forensics! Digital investigation! Conducting a Digital Crime Scene

More information

Digital Evidence Collection and Use. CS 585 Fall 2009

Digital Evidence Collection and Use. CS 585 Fall 2009 Digital Evidence Collection and Use CS 585 Fall 2009 Outline I. II. III. IV. Disclaimers Crime Scene Processing Legal considerations in Processing Digital Evidence A Question for Discussion Disclaimers

More information

USES OF INTERNET TECHNOLOGIES IN CHILD SEXUAL ABUSE CASES. Peer to Peer Networking TYPES OF TECHNOLOGY. Presentation Supplement. How can it be used?

USES OF INTERNET TECHNOLOGIES IN CHILD SEXUAL ABUSE CASES. Peer to Peer Networking TYPES OF TECHNOLOGY. Presentation Supplement. How can it be used? TYPES OF TECHNOLOGY Peer to Peer Networking Networks in which computers are equal partners using common file sharing programs that allow users to connect directly to each other s computer hard drive to

More information

Introduction to Data Forensics. Jeff Flaig, Security Consultant January 15, 2014

Introduction to Data Forensics. Jeff Flaig, Security Consultant January 15, 2014 Introduction to Data Forensics Jeff Flaig, Security Consultant January 15, 2014 WHAT IS COMPUTER FORENSICS Computer forensics is the process of methodically examining computer media (hard disks, diskettes,

More information

Certified Digital Forensics Examiner

Certified Digital Forensics Examiner Certified Digital Forensics Examiner Course Name: CDFE V6.0 Duration: Language: 5 days English Format: Instructor-led (Lecture and Lab) Prerequisite: Experience in using a computer Student Materials: Student

More information

Certified Digital Forensics Examiner

Certified Digital Forensics Examiner Certified Digital Forensics Examiner Course Name: CDFE V6.0 Duration: Language: 5 days English Format: Instructor-led (Lecture and Lab) Prerequisite: Experience in using a computer Student Materials: Student

More information

Breakfast Meeting: Securing your Secured Data Digital Forensics, Fraud and Forensic Advancements

Breakfast Meeting: Securing your Secured Data Digital Forensics, Fraud and Forensic Advancements Breakfast Meeting: Securing your Secured Data Digital Forensics, Fraud and Forensic Advancements 9 April 2013 Facilitator: Dr. Sheau-Dong Lang, Coordinator Master of Science in Digital Forensics University

More information

Chapter 7 Securing Information Systems

Chapter 7 Securing Information Systems 1 Chapter 7 Securing Information Systems LEARNING TRACK 3: COMPUTER FORENSICS For thirty years, a serial murderer known as the BTK killer (standing for bind, torture, and kill) remained at large in Wichita,

More information

Computer Forensics as an Integral Component of the Information Security Enterprise

Computer Forensics as an Integral Component of the Information Security Enterprise Computer Forensics as an Integral Component of the Information Security Enterprise By John Patzakis 10/28/03 I. EXECUTIVE SUMMARY In addition to fending off network intrusions and denial of service attacks,

More information

Digital Forensics & e-discovery Services

Digital Forensics & e-discovery Services Digital Forensics & e-discovery Services U.S. Security Associates Digital Forensics & e-discovery Services 21st century fraud investigations require expert digital forensics skills to deal with the complexities

More information

IAPE STANDARDS SECTION 16 DIGITAL EVIDENCE

IAPE STANDARDS SECTION 16 DIGITAL EVIDENCE IAPE STANDARDS SECTION 16 DIGITAL EVIDENCE IAPE STANDARD SECTION 16.1 DIGITAL EVIDENCE Standard: Digital evidence is a critical element of modern criminal investigation that should be maintained in strict

More information

Digital Forensics & e-discovery Services

Digital Forensics & e-discovery Services Digital Forensics & e-discovery Services Andrews International Digital Forensics & e-discovery Services 21st century fraud investigations require expert digital forensics skills to deal with the complexities

More information

Computer Forensics and What Is, and Is Not, There on Your Client s Computer. Rick Lavaty, Computer Systems Administrator, District of Arizona

Computer Forensics and What Is, and Is Not, There on Your Client s Computer. Rick Lavaty, Computer Systems Administrator, District of Arizona Computer Forensics and What Is, and Is Not, There on Your Client s Computer Rick Lavaty, Computer Systems Administrator, District of Arizona Eddy Archibeque, Computer Systems Administrator, District of

More information

Hands-On How-To Computer Forensics Training

Hands-On How-To Computer Forensics Training j8fm6pmlnqq3ghdgoucsm/ach5zvkzett7guroaqtgzbz8+t+8d2w538ke3c7t 02jjdklhaMFCQHihQAECwMCAQIZAQAKCRDafWsAOnHzRmAeAJ9yABw8v2fGxaq skeu29sdxrpb25zidxpbmznogtheories...ofhilz9e1xthvqxbb0gknrc1ng OKLbRXF/j5jJQPxXaNUu/It1TQHSiyEumrHNsnn65aUMPnrbVOVJ8hV8NQvsUE

More information

Services. Computer Forensic Investigations

Services. Computer Forensic Investigations DataTriangle, Inc. is uniquely structured to provide you with a high quality expert as expeditiously as possible. Charles Snipes has nearly 15 years of experience with criminal investigations in the areas

More information

How To Be A Computer Forensics Examiner

How To Be A Computer Forensics Examiner Richard A. Peacock 410.346.7288 (Office) 443.398.5246 (Cell) rich@realforensicanalysis.com EnCase Certified Examiner (EnCE) Access Data Certified Examiner (ACE) Access Data Mobile Phone Certified Examiner

More information

Computer Forensic Capabilities

Computer Forensic Capabilities Computer Forensic Capabilities Agenda What is computer forensics? Where to find computer evidence Forensic imaging Forensic analysis What is Computer Forensics? The preservation, identification, extraction,

More information

Running head: DIGITAL EVIDENCE: 1

Running head: DIGITAL EVIDENCE: 1 Running head: DIGITAL EVIDENCE: 1 Digital Evidence: How can the Des Moines Fire Department utilize this evidence in fire investigations? Mark Dooley Des Moines Fire Department, Des Moines, IA DIGITAL EVIDENCE:

More information

EC-Council Ethical Hacking and Countermeasures

EC-Council Ethical Hacking and Countermeasures EC-Council Ethical Hacking and Countermeasures Description This class will immerse the students into an interactive environment where they will be shown how to scan, test, hack and secure their own systems.

More information

Presentation Title Presentation Subtitle. The Unique Alternative to the Big Four

Presentation Title Presentation Subtitle. The Unique Alternative to the Big Four Presentation Title Presentation Subtitle The Unique Alternative to the Big Four Speaker Biography Tim L. Bryan, CPA/CFF/CITP, CISA, EnCE Senior Manager, Crowe Horwath LLP Forensic Technology Services Leader

More information

Criminal Investigation CRJ141. Matthew McCarty

Criminal Investigation CRJ141. Matthew McCarty Criminal Investigation CRJ141 Matthew McCarty Chapter 1 Criminal Investigation: An Overview CSI Effect The exaggerated depiction of how television forensic science operates, creating a phenomenon in which

More information

Certified Digital Forensics Examiner

Certified Digital Forensics Examiner Cyber Security Training & Consulting Certified Digital COURSE OVERVIEW 5 Days 40 CPE Credits $3,000 Digital is the investigation and recovery of data contained in digital devices. This data is often the

More information

Decades of Successful Sex Crimes Defense Contact the Innocence Legal Team Now

Decades of Successful Sex Crimes Defense Contact the Innocence Legal Team Now Criminal Court Felonies The U.S. has the highest rate of felony conviction and imprisonment of any industrialized nation. A felony crime is more serious than a misdemeanor, but the same offense can be

More information

ITM 642: Digital Forensics Sanjay Goel School of Business University at Albany, State University of New York

ITM 642: Digital Forensics Sanjay Goel School of Business University at Albany, State University of New York INSTRUCTOR INFORMATION Name: Sanjay Goel Email: goel@albany.edu Phone: (518) 442-4925 Office Location: BA 310b, University at Albany Office Hours: TBD CLASS INFORMATION Time: N/A Location: Online Dates:

More information

Forensic Photographic Comparison Analysis

Forensic Photographic Comparison Analysis Forensic Photographic Comparison Analysis Richard W. Vorder Bruegge, Ph.D. Examiner of Questioned Photographic Evidence FBI Operational Technology Division Forensic Audio, Video and Image Analysis Unit

More information

How To Solve A Violent Home Invasion With A United Force

How To Solve A Violent Home Invasion With A United Force Use Case SOLVING VIOLENT CRIMES WITH A UNIFIED WORKFLOW In a Violent Home Invasion Investigation, the UFED Series Seamlessly Unifies Workflows from Field to Lab A series of violent home invasions has everyone

More information

VI. Preparing for Successful Prosecution

VI. Preparing for Successful Prosecution VI. Preparing for Successful Prosecution Prosecutors at all levels share law enforcement s challenges in successfully bringing often complex identity crime cases to closure. Key challenges cited by members

More information

CAPABILITY STATEMENT. > Forensic Technology Team < Daniel Hains, Director t (07) 3228 4028 e dhains@vincents.com.au w www.vincents.com.

CAPABILITY STATEMENT. > Forensic Technology Team < Daniel Hains, Director t (07) 3228 4028 e dhains@vincents.com.au w www.vincents.com. CAPABILITY STATEMENT > Forensic Technology Team < Daniel Hains, Director t (07) 3228 4028 e dhains@vincents.com.au w www.vincents.com.au CAPABILITY FORENSIC TECHNOLOGY INDEX Page No. Introduction... 3

More information

Computer Forensics Processing Checklist. Pueblo High-Tech Crimes Unit

Computer Forensics Processing Checklist. Pueblo High-Tech Crimes Unit Computer Forensics Processing Checklist Pueblo High-Tech Crimes Unit Cmdr. Dave Pettinari Pueblo County Sheriff's Office davepet@cops.org The purpose of this document is to provide computer forensic technicians

More information

Lawrence Police Department Administrative Policy. August 2013

Lawrence Police Department Administrative Policy. August 2013 Lawrence Police Department Administrative Policy SUBJECT Competencies APPLIES TO All Personnel EFFECTIVE DATE REVISED DATE August 2013 APPROVED BY Chief of Police TOTAL PAGES 4 POLICY CHAPTER 10 Competencies

More information

Presented by: Greg Chatten, CEO Forensic Computer Service, Inc. 636.273.4400 gchatten@forensiccomputerservice.com (c) Forensic Computer Service, Inc.

Presented by: Greg Chatten, CEO Forensic Computer Service, Inc. 636.273.4400 gchatten@forensiccomputerservice.com (c) Forensic Computer Service, Inc. Presented by: Greg Chatten, CEO Forensic Computer Service, Inc. 636.273.4400 gchatten@forensiccomputerservice.com Before consumer electronics hit the world electronic recovery and examination of computer

More information

Information Technology Audit & Forensic Techniques. CMA Amit Kumar

Information Technology Audit & Forensic Techniques. CMA Amit Kumar Information Technology Audit & Forensic Techniques CMA Amit Kumar 1 Amit Kumar & Co. (Cost Accountants) A perfect blend of Tax, Audit & Advisory services Information Technology Audit & Forensic Techniques

More information

Nancy W. Peterson Forensic Biology Consultants, LLC July 7, 2011

Nancy W. Peterson Forensic Biology Consultants, LLC July 7, 2011 Nancy W. Peterson Forensic Biology Consultants, LLC July 7, 2011 My Qualifications 20 years : Forensic Serology and DNA cases at the FDLE 30+ years: Training Forensic DNA Technologists & DNA Analysts 30+

More information

To Catch a Thief: Computer Forensics in the Classroom

To Catch a Thief: Computer Forensics in the Classroom To Catch a Thief: Computer Forensics in the Classroom Anna Carlin acarlin@csupomona.edu Steven S. Curl scurl@csupomona.edu Daniel Manson dmanson@csupomona.edu Computer Information Systems Department California

More information

CRIMINAL LAW AND VICTIMS RIGHTS

CRIMINAL LAW AND VICTIMS RIGHTS Chapter Five CRIMINAL LAW AND VICTIMS RIGHTS In a criminal case, a prosecuting attorney (working for the city, state, or federal government) decides if charges should be brought against the perpetrator.

More information

Best Practices Page 1

Best Practices Page 1 BEST PRACTICES FOR ELECTRONIC DISCOVERY IN CRIMINAL CASES Western District of Washington Adopted March 21, 2013 These best practices reflect recommendations adopted in February 2012 by the Department of

More information

The Rights of Crime Victims in Texas

The Rights of Crime Victims in Texas The Rights of Crime Victims in Texas 1 Housekeeping Please turn off cell phones and pagers or place in a silent mode. Questions can be answered in presentations or during break. 2 Constitutional Rights

More information

STATE OF NEVADA Department of Administration Division of Human Resource Management CLASS SPECIFICATION

STATE OF NEVADA Department of Administration Division of Human Resource Management CLASS SPECIFICATION STATE OF NEVADA Department of Administration Division of Human Resource Management CLASS SPECIFICATION TITLE GRADE EEO-4 CODE SUPERVISORY CRIMINAL INVESTIGATOR II 43* D 13.241 SUPERVISORY CRIMINAL INVESTIGATOR

More information

d CRIMINAL INVESTIGATION ADMINISTRATION OF JUSTICE 5 Spring 2015

d CRIMINAL INVESTIGATION ADMINISTRATION OF JUSTICE 5 Spring 2015 d CRIMINAL INVESTIGATION ADMINISTRATION OF JUSTICE 5 Spring 2015 Instructor: Steven J. Katz West Los Angeles College Course Section No. 7574 MW 7:35am-9:10am ARTC E-mail: katzsj@wlac.edu Contact Telephone:

More information

Case 1:15-cr-00213-SJ Document 32 Filed 07/30/15 Page 1 of 5 PageID #: 102

Case 1:15-cr-00213-SJ Document 32 Filed 07/30/15 Page 1 of 5 PageID #: 102 Case 1:15-cr-00213-SJ Document 32 Filed 07/30/15 Page 1 of 5 PageID #: 102 U.S. Department of Justice United States Attorney Eastern District of New York DMP/JSC 271 Cadman Plaza East F. #2014R00196 Brooklyn,

More information

What is Digital Forensics?

What is Digital Forensics? DEVELOPING AN UNDERGRADUATE COURSE IN DIGITAL FORENSICS Warren Harrison PSU Center for Information Assurance Portland State University Portland, Oregon 97207 warren@cs.pdx.edu What is Digital Forensics?

More information

Computer Hacking Forensic Investigator v8

Computer Hacking Forensic Investigator v8 CÔNG TY CỔ PHẦN TRƯỜNG CNTT TÂN ĐỨC TAN DUC INFORMATION TECHNOLOGY SCHOOL JSC LEARN MORE WITH LESS! Computer Hacking Forensic Investigator v8 Course Description: EC-Council releases the most advanced Computer

More information

https://agency.governmentjobs.com/dakota/job_bulletin.cfm?jobid=1017820

https://agency.governmentjobs.com/dakota/job_bulletin.cfm?jobid=1017820 Page 1 of 5 DAKOTA COUNTY Employee Relations Administration Center, 1590 Highway 55 Hastings, MN 55033-2372 651.438.4435 http://www.dakotacounty.us INVITES APPLICATIONS FOR THE POSITION OF: Electronic

More information

Computer Forensics. Computer Forensics: History, Tools and Outlooks. By John Burns IT-103-002. Research Paper

Computer Forensics. Computer Forensics: History, Tools and Outlooks. By John Burns IT-103-002. Research Paper 1 Computer Forensics: History, Tools and Outlooks By John Burns IT-103-002 Research Paper 02/25/2012 "By placing this statement on my webpage, I certify that I have read and understand the GMU Honor Code

More information

BDO CONSULTING FORENSIC TECHNOLOGY SERVICES

BDO CONSULTING FORENSIC TECHNOLOGY SERVICES BDO CONSULTING FORENSIC TECHNOLOGY SERVICES MARCH 2013 AGENDA Introduction About BDO Consulting Computer Forensics & E-Discovery Practice Current Trends Case Studies Q&A Page 2 Michael Barba Managing Director,

More information

Battling Current Technological Trends

Battling Current Technological Trends Law Enforcement Incident Response to Cybercrimes & Battling Current Technological Trends Corey J. Bourgeois, Computer Forensic Examiner & David Ferris, Investigator Louisiana Department of Justice HTCU

More information

CASCADE COUNTY ATTORNEY S OFFICE PARTNER/FAMILY MEMBER ASSAULT PROSECUTION PLAN

CASCADE COUNTY ATTORNEY S OFFICE PARTNER/FAMILY MEMBER ASSAULT PROSECUTION PLAN CASCADE COUNTY ATTORNEY S OFFICE PARTNER/FAMILY MEMBER ASSAULT PROSECUTION PLAN I. DEFINITIONS A. (a). Partner/Family Member Assault, 45-5-206 MCA, means the following, if committed against a partner or

More information

5. MEDICAL AND CRIMINAL JUSTICE SYSTEM

5. MEDICAL AND CRIMINAL JUSTICE SYSTEM 5. MEDICAL AND CRIMINAL JUSTICE SYSTEM The Medical and Criminal Justice System section is for recording information about each client s experiences with those systems. This information is optional and

More information

ITU Session Four: Device Imaging And Analysis. Mounir Kamal Q-CERT

ITU Session Four: Device Imaging And Analysis. Mounir Kamal Q-CERT ITU Session Four: Device Imaging And Analysis Mounir Kamal Q-CERT 2 Applying Forensic Science to Computer Systems Like a Detective, the archaeologist searches for clues in order to discover and reconstruct

More information

Computer Forensics and Investigations Duration: 5 Days Courseware: CT 0619217065

Computer Forensics and Investigations Duration: 5 Days Courseware: CT 0619217065 Computer Forensics and Investigations Duration: 5 Days Courseware: CT 0619217065 Introduction The Computer Forensics and Investigation course presents methods to properly conduct a computer forensics investigation

More information

Computer Forensics Today

Computer Forensics Today L A W, I N V E S T I G A T I O N S, A N D E T H I C S Computer Forensics Today Kelly J. (KJ) Kuchta When people hear the word forensics, it often generates a mental image of the movie series with Jack

More information

S. Robert Radus, CPA CFE PI Curricula Vitae. Examination of plaintiff, respondent, and defendant books and records to determine:

S. Robert Radus, CPA CFE PI Curricula Vitae. Examination of plaintiff, respondent, and defendant books and records to determine: S. Robert Radus, CPA CFE PI Curricula Vitae Catalogue of Forensic Accounting and Computer Services Examination of plaintiff, respondent, and defendant books and records to determine: 1. Violations of Law.

More information

Introduction. IMF Conference September 2008

Introduction. IMF Conference September 2008 Live Forensic Acquisition as Alternative to Traditional Forensic Processes Marthie Lessing* Basie von Solms Introduction The Internet and technology developments introduced a sharp increase in computer

More information

CSN08101 Digital Forensics. Module Leader: Dr Gordon Russell Lecturers: Robert Ludwiniak

CSN08101 Digital Forensics. Module Leader: Dr Gordon Russell Lecturers: Robert Ludwiniak CSN08101 Digital Forensics Lecture 4A: Forensic Processes Module Leader: Dr Gordon Russell Lecturers: Robert Ludwiniak Forensics Processes - objectives Investigation Process Forensic Ethics Issues Forensic

More information

CERTIFIED DIGITAL FORENSICS EXAMINER

CERTIFIED DIGITAL FORENSICS EXAMINER CERTIFIED DIGITAL FORENSICS EXAMINER KEY DATA Course Title: C)DFE Duration: 5 days CPE Credits: 40 Class Format Options: Instructor-led classroom Live Online Training Computer Based Training Who Should

More information

National District Attorneys Association National Center for Prosecution of Child Abuse. Computer Forensics for Prosecutors

National District Attorneys Association National Center for Prosecution of Child Abuse. Computer Forensics for Prosecutors National District Attorneys Association National Center for Prosecution of Child Abuse Computer Forensics for Prosecutors February 18-19, 2013 Portland, Oregon Detective Michael Smith Computer Crimes &

More information

Incident Response and Forensics

Incident Response and Forensics Incident Response and Forensics Yiman Jiang, President and Principle Consultant Sumus Technology Ltd. James Crooks, Manager - Advisory Services PricewaterhouseCoopers LLP UBC 2007-04-12 Outline Computer

More information

Information Technologies and Fraud

Information Technologies and Fraud Information Technologies and Fraud Florin Gogoasa CISA, CFE, CGEIT, CRISC ACFE Romania - Founder and Board member Managing Partner Blue Lab Consulting Information Technologies for Fraud investigation A.

More information

Keywords: Computers, digital evidence, digital evidence bags, forensics, forensics tools

Keywords: Computers, digital evidence, digital evidence bags, forensics, forensics tools Computer Forensics Procedures, Tools, and Digital Evidence Bags 1 Computer Forensic Tools Keywords: Computers, digital evidence, digital evidence bags, forensics, forensics tools Computer Forensics Procedures,

More information

Please Step Out of The Car

Please Step Out of The Car Urban Survival Guide: Please Step Out of The Car A Step by Step Guide Through The Los Angeles DUI & DMV Process MR DUI LA Attorney Mark Rosenfeld The Law Office of Mark Rosenfeld 800-9700-DUI (384) MRDUILA.com

More information

Attorney General Balderas Criminal Affairs Update to Courts, Corrections & Justice Interim Committee

Attorney General Balderas Criminal Affairs Update to Courts, Corrections & Justice Interim Committee FOR IMMEDIATE RELEASE: Contact: James Hallinan September 24, 2015 (505) 660-2216 Attorney General Balderas Criminal Affairs Update to Courts, Corrections & Justice Interim Committee Albuquerque, NM Today,

More information

Investigation Techniques

Investigation Techniques Investigation Techniques Planning and Conducting a Fraud Examination 2013 Association of Certified Fraud Examiners, Inc. Fraud Examination Fraud examination refers to a process of resolving allegations

More information

QUALITY STANDARDS FOR DIGITAL FORENSICS

QUALITY STANDARDS FOR DIGITAL FORENSICS QUALITY STANDARDS FOR DIGITAL FORENSICS November 20, 2012 TABLE OF CONTENTS PREFACE... ii MANAGEMENT STANDARDS... 1 A. DIGITAL FORENSIC CAPABILITY... 1 B. QUALITY MANAGEMENT... 2 PERSONNEL STANDARDS...

More information

Sensitive Incident Investigations. Digital Risk Management. Forensics Testing.

Sensitive Incident Investigations. Digital Risk Management. Forensics Testing. Sensitive Incident Investigations. Digital Risk Management. Forensics Testing. 2009 Innovation Award Winner Austin Chamber of Commerce 2010 Innovation Award Finalist Austin Chamber of Commerce Only private

More information

Lance Eliot Sloves. Computer Forensic Services, Inc. 2807 Allen St. #743 E-mail: lancesl@cfsiusa.com

Lance Eliot Sloves. Computer Forensic Services, Inc. 2807 Allen St. #743 E-mail: lancesl@cfsiusa.com Lance Eliot Sloves Certified Computer Examiner (CCE, EnCE) Licensed Private Investigator, TX Testifying Expert Independent Government Contractor Active Top Secret/SSBI US Government Clearance Computer

More information

CYBER FORENSICS. KRISHNA SASTRY PENDYALA Cyber Forensic Division Central Forensic Science Laboratory Hyderabad.

CYBER FORENSICS. KRISHNA SASTRY PENDYALA Cyber Forensic Division Central Forensic Science Laboratory Hyderabad. CYBER FORENSICS KRISHNA SASTRY PENDYALA Cyber Forensic Division Central Forensic Science Laboratory Hyderabad. 11 DIGITAL EVIDENCE? Cyber crimes Digital evidence Digital evidence is any information of

More information

Digital Forensics Tutorials Acquiring an Image with FTK Imager

Digital Forensics Tutorials Acquiring an Image with FTK Imager Digital Forensics Tutorials Acquiring an Image with FTK Imager Explanation Section Digital Forensics Definition The use of scientifically derived and proven methods toward the preservation, collection,

More information

Ten Deadly Sins of Computer Forensics

Ten Deadly Sins of Computer Forensics Ten Deadly Sins of Computer Forensics Cyber criminals take advantage of the anonymity of the Internet to escape punishment. Computer Forensics has emerged as a new discipline to counter cyber crime. This

More information

Domestic Violence Case Management Plan

Domestic Violence Case Management Plan Domestic Violence Case Management Plan From the commencement of litigation to its resolution, whether by trial or settlement, it is the goal of this Court to reduce delay and enable just and efficient

More information

SUMMARY SELECTED EXAMPLE ENGAGEMENTS. Jerry Hatchett

SUMMARY SELECTED EXAMPLE ENGAGEMENTS. Jerry Hatchett SUMMARY Mr. Hatchett consults in the areas of digital forensics and electronic providing assistance to law firms, businesses of all sizes, federal and state courts, and foreign and domestic governmental

More information

STATE POLICE TROOPER

STATE POLICE TROOPER JOB DESCRIPTION MICHIGAN CIVIL SERVICE COMMISSION JOB SPECIFICATION STATE POLICE TROOPER Employees in this job are police officers, responsible for the enforcement of all traffic and criminal laws of the

More information

KIMMONS INVESTIGATIVE SERVICES, INC. Texas Largest & Most Experienced Investigative Firm

KIMMONS INVESTIGATIVE SERVICES, INC. Texas Largest & Most Experienced Investigative Firm KIMMONS INVESTIGATIVE SERVICES, INC. Texas Largest & Most Experienced Investigative Firm HOUSTON AUSTIN KIMMONS INVESTIGATIVE SERVICES, INC. HIGHLY RESPECTED, SKILLED TEAM OF INVESTIGATORS Rob Kimmons,

More information

COMMONWEALTH OF MASSACHUSETTS THE TRIAL COURT STANDING ORDER NO. 2-86 (AMENDED)

COMMONWEALTH OF MASSACHUSETTS THE TRIAL COURT STANDING ORDER NO. 2-86 (AMENDED) COMMONWEALTH OF MASSACHUSETTS THE TRIAL COURT SUFFOLK, ss. SUPERIOR COURT DEPARTMENT STANDING ORDER NO. 2-86 (AMENDED) Applicable to All Counties to cases initiated by indictment on or after September

More information

KIMMONS INVESTIGATIVE SERVICES, INC.

KIMMONS INVESTIGATIVE SERVICES, INC. KIMMONS INVESTIGATIVE SERVICES, INC. Texas Largest & Most Experienced Investigative Firm HOUSTON AUSTIN National & Worldwide Affiliates KIMMONS INVESTIGATIVE SERVICES, INC. HIGHLY RESPECTED, SKILLED TEAM

More information

STATE OF NEVADA Department of Administration Division of Human Resource Management CLASS SPECIFICATION

STATE OF NEVADA Department of Administration Division of Human Resource Management CLASS SPECIFICATION STATE OF NEVADA Department of Administration Division of Human Resource Management CLASS SPECIFICATION TITLE GRADE EEO-4 CODE AG Deputy Chief Investigator 42 D 13.246 SERIES CONCEPT Criminal Investigators

More information

C RIMINAL LAW O V E RVIEW OF T H E T E XAS C RIMINAL J USTICE P ROCESS

C RIMINAL LAW O V E RVIEW OF T H E T E XAS C RIMINAL J USTICE P ROCESS T E X A S Y O U N G L A W Y E R S A S S O C I A T I O N A N D S T A T E B A R O F T E X A S C RIMINAL LAW 1 0 1 : O V E RVIEW OF T H E T E XAS C RIMINAL J USTICE P ROCESS A C RIMINAL LAW 1 0 1 Prepared

More information

A Victim s Guide to Understanding the Criminal Justice System

A Victim s Guide to Understanding the Criminal Justice System A Victim s Guide to Understanding the Criminal Justice System The Bartholomew County Prosecutor s Office Victim Assistance Program Prosecutor: William Nash 234 Washington Street Columbus, IN 47201 Telephone:

More information

Responsible use of ICT Devices Agreement

Responsible use of ICT Devices Agreement Responsible use of ICT Devices Agreement This document is comprised of this cover page and three sections: Section A: Section B: Section C: Introduction Cybersafety Rules for Junior Primary Students Cybersafety

More information

WILLIAM OETTINGER PHONE (702) 292-4645 WOETTINGER@GMAIL.COM

WILLIAM OETTINGER PHONE (702) 292-4645 WOETTINGER@GMAIL.COM WILLIAM OETTINGER PHONE (702) 292-4645 WOETTINGER@GMAIL.COM SUMMARY OF QUALIFICATIONS Veteran investigator in a traditional and computer-related environment. A leader experienced in organizing, directing,

More information

IN THE CIRCUIT COURT OF THE CITY OF ST. LOUIS STATE OF MISSOURI ) ) ) ) ) ) ) ) ) PLAINTIFF'S INTERROGATORIES DIRECTED TO DEFENDANT

IN THE CIRCUIT COURT OF THE CITY OF ST. LOUIS STATE OF MISSOURI ) ) ) ) ) ) ) ) ) PLAINTIFF'S INTERROGATORIES DIRECTED TO DEFENDANT IN THE CIRCUIT COURT OF THE CITY OF ST. LOUIS STATE OF MISSOURI, Plaintiff, vs., Defendant. Cause No. Division No. PLAINTIFF'S INTERROGATORIES DIRECTED Comes now plaintiff and, in accordance with the Missouri

More information

Build Stronger Cases with Mobile Device Link Analysis

Build Stronger Cases with Mobile Device Link Analysis White Paper Build Stronger Cases with Mobile Device Link Analysis How data from mobile devices reveals the patterns of life that can make for stronger proactive and reactive investigations - on the street

More information

Immigration and Customs Enforcement Forensic Analysis of Electronic Media

Immigration and Customs Enforcement Forensic Analysis of Electronic Media for the Immigration and Customs Enforcement Forensic Analysis of Electronic Media DHS/ICE/PIA-042 May 11, 2015 Contact Point Peter T. Edge Executive Assistant Director Homeland Security Investigations

More information

JOB TITLE JOB CODE PAY GRADE EFFECTIVE Medicaid Fraud Intake Officer 26140AG 29 11/15/2015

JOB TITLE JOB CODE PAY GRADE EFFECTIVE Medicaid Fraud Intake Officer 26140AG 29 11/15/2015 `STATE OF OHIO (DAS) CLASSIFICATION SPECIFICATION SERIES PURPOSE CLASSIFICATION SERIES Medicaid Special Agent MAJOR AGENCIES Attorney General Only SERIES NUMBER 2614AG EFFECTIVE 11/15/2015 The purpose

More information

Information for Crime Victims and Witnesses

Information for Crime Victims and Witnesses Office of the Attorney General Information for Crime Victims and Witnesses MARCH 2009 LAWRENCE WASDEN Attorney General Criminal Law Division Special Prosecutions Unit Telephone: (208) 332-3096 Fax: (208)

More information

MINNESOTA JUDICIAL TRAINING UPDATE

MINNESOTA JUDICIAL TRAINING UPDATE MINNESOTA JUDICIAL TRAINING UPDATE CRIMINAL VOIR DIRE QUESTIONS ASKED BY THE COURT THE MN SUPREME COURT TASK FORCE ON JURY SELECTION HAS RECOMMENDED THAT JUDGES BE MORE PROACTIVE IN ASKING INITIAL QUESTIONS

More information

Chapter 4 Crimes (Review)

Chapter 4 Crimes (Review) Chapter 4 Crimes (Review) On a separate sheet of paper, write down the answer to the following Q s; if you do not know the answer, write down the Q. 1. What is a crime? 2. There are elements of a crime.

More information

How is Your Company Positioned to Deal With Law Enforcement?

How is Your Company Positioned to Deal With Law Enforcement? How is Your Company Positioned to Deal With Law Enforcement? Tim Proffitt September 2009 GIAC GSEC, GCIH, GCPM, GSLC, GLEG, GSNA SANS Technology Institute - Candidate for Master of Science Degree 1 1 Introduction

More information

DIGITAL FORENSIC INVESTIGATION, COLLECTION AND PRESERVATION OF DIGITAL EVIDENCE. Vahidin Đaltur, Kemal Hajdarević,

DIGITAL FORENSIC INVESTIGATION, COLLECTION AND PRESERVATION OF DIGITAL EVIDENCE. Vahidin Đaltur, Kemal Hajdarević, DIGITAL FORENSIC INVESTIGATION, COLLECTION AND PRESERVATION OF DIGITAL EVIDENCE Vahidin Đaltur, Kemal Hajdarević, Internacional Burch University, Faculty of Information Technlogy 71000 Sarajevo, Bosnia

More information

24/7 High Tech Crime Network

24/7 High Tech Crime Network 24/7 High Tech Crime Network Albert Rees Computer Crime & Intellectual Property Section Criminal Division, U.S. Department of Justice 24/7 Network The G-8 24/7 Network for Data Preservation Points of contact

More information

I. ELIGIBILITY FOR BOTH PRE-CHARGE AND POST-CHARGE DIVERSION: 1. Admit guilt and acknowledge responsibility for their action.

I. ELIGIBILITY FOR BOTH PRE-CHARGE AND POST-CHARGE DIVERSION: 1. Admit guilt and acknowledge responsibility for their action. ANOKA COUNTY ADULT CRIMINAL DIVERSION PLAN Effective July 1, 1994 - Revised 8/1/02, 9/5/07, 9/11/08 (Revisions apply only to crimes occurring on or after 9/1/08). The following plan has been developed

More information

County of Monterey DISTRICT ATTORNEY INVESTIGATOR I

County of Monterey DISTRICT ATTORNEY INVESTIGATOR I DISTRICT ATTORNEY INVESTIGATOR I DEFINITION Under supervision, investigates cases of suspected welfare fraud and other criminal activity to obtain facts and evidence in support of administrative action

More information