File000166
Published in: Technology
Transcript

  • 1. Module LIII - Computer Forensics for Lawyers
  • 2. News: The Dangers of Do-It-Yourself Computer Forensics

      EC-Council Copyright © by EC-Council All Rights Reserved. Reproduction is Strictly Prohibited

      As Do-It-Yourself or “DIY” becomes a more common practice at law firms, it is becoming more important to evaluate the risks associated with doing certain things yourself. Eric Shirk examines the dangers of using DIY for computer forensics and suggests alternatives that are safer for your firm.

      A Do-It-Yourself, or “DIY,” trend has permeated the legal industry when it comes to electronic discovery and litigation consulting services. In an effort to reduce costs, law firms and corporations are building internal teams to rely less on outside vendors, with varying degrees of success. However, certain DIY missions in litigation are fraught with peril and should be carefully examined. Such is the case with computer forensics, the discipline of digital evidence gathering and examination, which often culminates in expert testimony in a court of law.

      Computer forensics and the collection of digital evidence is a field with its deepest roots originating in law enforcement. Police and government investigators use various tools and techniques to mine digital evidence, tracking down perpetrators in both criminal and civil matters. With the recent explosion of electronically stored information (ESI) and eDiscovery in litigation, computer forensics is much more widespread now, and the demand for skilled professionals has outpaced the supply. Electronic discovery now appears in most cases, as e-mails have become a main form of communication, and electronic financial transactions and money management are commonplace.

      Since computer forensics services are frequently needed by legal counsel as well as corporate information technology (IT) departments, consultants have cropped up to fill the need. Truly qualified providers have the training and experience needed, both from a software proficiency and methodology standpoint. However, as with any burgeoning industry, there is a range of quality among consultants and prospective clients need to understand what they are.

      Source: http://www.abanet.org/
  • 3. Module Objective
      This module will familiarize you with:
      • Computer Forensics for Lawyers
      • Presenting the Case
      • Functions of Lawyers
      • Identify the Right Forensic Expert
      • Check for Legitimacy
      • What Lawyers Should Know in the Forensic Process
      • Computer Forensics Cases
  • 4. Module Flow
      • Computer Forensics for Lawyers
      • Presenting the Case
      • Functions of Lawyers
      • Identify the Right Forensic Expert
      • Check for Legitimacy
      • What Lawyers Should Know in the Forensic Process
      • Computer Forensics Cases
  • 5. Computer Forensics for Lawyers
      • A lack of knowledge about electronic data, combined with experience grounded exclusively in paper discovery, makes it hard for lawyers to meet the challenge of digital data discovery
      • Critical errors can be avoided in the first place if lawyers gain a fundamental understanding of how a computer stores data and of the file management system
  • 6. Initial Information to be Known by Lawyers When an Incident Occurs
      • Details and type of the incident that occurred
      • Date and time of the incident’s occurrence
      • Any tampering done with the incident
      • Actions taken after the incident
      • Information about the person who first identified the incident
      • Any loopholes found at the incident area
      • Information about the person who has access to the system and the one who accessed it last
  • 7. Presenting the Case
      • This is a chance for the attorney to convince the judge that all measures have been taken to protect the computer in use, that all data has been recovered, and that the findings have been printed
      • Be prepared to instruct the court, examine and choose a computer forensics effort, and understand and advise your clients about “safe” data practices
      • Have a working knowledge of how a computer stores data, and of where and how data resides after it is deleted
      • Request the court to issue an order requiring the party in possession of the computer to refrain from any action that may impair the ability to recover latent or dynamic data
  • 8. What Lawyers Should Know
      • Firewall basics
      • Network configuration
      • Basic understanding of e-mail infrastructure
      • Warning banners, logging, and monitoring
      • Security policy
      • Back-up process and technologies
      • Types of computers and other electronic media
          • Laptop, PDA, personal computer
  • 9. Functions of Lawyers
      • Study the client's document retention policies and data retention architecture
      • Provide a “litigation hold” for all relevant information, with regular alerts, when there is a chance of litigation
      • Recognize the key players and IT personnel and communicate with them directly to ensure compliance and complete understanding
      • Ask the relevant employees to submit electronic and hard copies of files
      • Verify the files, electronic records, laptops, backup media, etc.
      • Stop routine record management, recycling policies, and automatic deletion
      • Take control over unauthorized access and tampering
  • 10. When Do Lawyers Really Need to Hire a Forensic Expert?
      • In matters involving a credible allegation of negligence or intentional destruction, or concealment, of electronic information
      • In circumstances where it is likely that relevant and discoverable data exists, but is accessible only through the use of forensic restoration techniques
  • 11. Identify the Right Forensic Expert
      • Is the examiner certified?
      • How much experience does he/she have in computer forensics?
      • How experienced is he/she as an expert witness?
      • What are his/her service charges?
      • Does he/she have knowledge of the federal rules of evidence?
      • Is he/she trained in evidence handling, investigation techniques, and information recovery tools?
      • Does he/she possess the ability to identify the system’s role in the event, and can he/she develop a refined approach to find evidence?
  • 12. Industry Associations Providing Expert Forensic Investigators
      • International Association of Computer Investigative Specialists (IACIS)
      • High Technology Crime Investigation Association (HTCIA)
      • High Tech Computer Network (HTCN)
      • Computer Forensics Tool Testing (CFTT)
      • Federal Law Enforcement Training Center (FLETC)
      • Seized Computer Evidence Recovery Specialist (SCERS)
      • Treasury Computer Forensic Training Program (TCFTP)
      • Federal Bureau of Investigation (FBI)
  • 13. Check for Legitimacy
      • Check whether an incident has actually occurred
      • Check whether the members of the investigating team who perform the forensics are experienced and certified
      • Ensure that the evidence is legally accepted
      • Make sure that forensics is performed within the policies and procedures
      • Ensure that individuals who serve as evidence are genuine
      • Check whether the documentation is consistent with the forensic process
      • Check that no extra information or evidence unrelated to the case is included in the final report to the court
  • 14. What Lawyers Should Know in the Forensic Process
      • Law and policies followed in the forensic process
      • Information from the first responder
      • Understanding file systems
      • Data acquisition and duplication
      • Incidents handled
      • Tools used in computer forensics
      • Deleted files and partitions recovered
      • Application password cracking
      • Network forensics and investigating logs
      • Network traffic, wireless attacks, web attacks, and DoS attacks
      • Trademark and copyright infringement
  • 15. What Makes Evidence Inadmissible in the Court
      • Defragmenting your disk, zipping your data, or installing/uninstalling applications on your system
      • Overwriting backup media and swapping the file area
      • Disposing of machines or media
      • Deleting, moving, or modifying the discoverable evidence
      • Disk optimization
      • Metadata scrubbing/removal
  • 16. What Lawyers Should Expect from a Forensic Examiner
      • Document equipment such as hard disk drives along with their model, operating system and version, and file catalog
      • Collect and document data sources such as backup tapes, firewall logs, and intrusion detection logs
      • Protect secure items such as notepads, papers, photos, books, and other materials gathered from the suspect’s office
      • Develop a chain of custody that proves both physical and electronic evidence have been stored in their original state
      • Recognize the system's relationship to the event and develop an approach for finding evidence
      • Locate and document the evidence
  • 17. Summary
      • A lack of knowledge about electronic data, combined with experience grounded exclusively in paper discovery, makes it hard for lawyers to meet the challenge of digital data discovery
      • Be prepared to instruct the court, examine and choose a computer forensics effort, and understand and advise clients about “safe” data practices
      • Provide a “litigation hold” for all relevant information, with regular alerts, when there is a chance of litigation
      • Ensure that no extra information or evidence unrelated to the case is included in the final report to the court