Sadfe2007

652 views

Published on

Published in: Technology, Business
0 Comments
1 Like
Statistics
Notes
  • Be the first to comment

No Downloads
Views
Total views
652
On SlideShare
0
From Embeds
0
Number of Embeds
27
Actions
Shares
0
Downloads
0
Comments
0
Likes
1
Embeds 0
No embeds

No notes for slide

Sadfe2007

  1. 1. High Tech Case Management Life Cycle ● SADFE & CTIN ● Bell Harbor International Conference Center – Seattle, Washington, USA ● A tutorial on technical case management ● Presented by: – Computer Technology Investigations Network
  2. 2. SADFE 2007 ● High Tech Case Management Life Cycle – Goals & Objectives – Introductions
  3. 3. SADFE 2007 ● Goals & Objectives – Introduction to Computer Forensics – Process flows in hi-tech investigations – Professional development and contacts ● Who are you? – Employer? – Career (current & future) – Forensics experiences – Case experiences
  4. 4. SADFE 2007 ● Introductions – Who we are ● CTIN ● Corporate ● Government
  5. 5. SADFE 2007 ● Tutorial – Data collection – Data analysis – Cross link analysis – Legal analysis & case construction – Case presentation – Case critique
  6. 6. SADFE 2007 ● Data collection – Evidence seizure and control – Disk acquisitions – PDA acquisitions – Cell phone acquisition
  7. 7. SADFE 2007 ● Evidence seizure and control – Types of evidence ● Hardware ● Software ● Other – Types of controls ● Criminal investigation ● Civil investigations
  8. 8. SADFE 2007 ● Disk acquisitions – Commercial software tools ● Guidance Software EnCase ● AccessData FTK Imager ● Technology Pathways ProDiscover ● NTI SafeBack ● Etc. (SMART...) – Commercial hardware tools ● Logicube ● Voom Technologies HardCopy II
  9. 9. SADFE 2007 ● Disk acquisitions – Freeware software tools ● UNIX/Linux dd ● UNIX/Linux dcfldd ● FIRST DiskImager – Write-blockers ● Tableau ● Technology Pathways NoWrite FPU ● Image MASSter Drive Lock
  10. 10. SADFE 2007 ● PDA acquisition
  11. 11. SADFE 2007 ● Cell phone acquisition
  12. 12. SADFE 2007 ● Data Analysis – Proceeding with an analysis ● Manual search methods ● Automated search tools – Live search – Index search – Working case practical ● Hands-on – Report generators
  13. 13. SADFE 2007 ● Cross-link analysis – Cataloging data using office application tools – Practical loading data into applications ● Hands-on – Practical comparative analysis ● Hands-on
  14. 14. SADFE 2007 ● Legal analysis & case construction – Presenting findings ● Formal reports ● Informal reports – Practical report presentation ● Best practices for displaying technical data – Identifying elements to support case ● Criminal case ● Civil case – Examination planning
  15. 15. SADFE 2007 ● Case presentation – Courtroom display considerations ● Determine the audience ● Facility considerations – Video projection ● Time lapse activity ● Office application presentation tools – Telling a story
  16. 16. SADFE 2007 ● Critique the case – Why critique the case? – Is the customer happy with the product? – Maintaining a professional journal
  17. 17. SADFE 2007 ● Summation – Data collection – Data Analysis – Cross-link analysis – Case construction – Case Presentation – Critique ● Questions and interests? 

×