Module LIII - Computer Forensics for Lawyers
EC-Council
Copyright © by EC-Council
All Rights Reserved. Reproduction is Strictly Prohibited
News: The Dangers of Do-It-Yourself Computer Forensics
As Do-It-Yourself or “DIY” becomes a more common practice at law firms, it is becoming more important to
evaluate the risks associated with doing certain things yourself. Eric Shirk examines the dangers of using
DIY for computer forensics and suggests alternatives that are safer for your firm.
A Do-It-Yourself, or “DIY,” trend has permeated the legal industry when it comes to electronic discovery and
litigation consulting services. In an effort to reduce costs, law firms and corporations are building internal
teams to rely less on outside vendors, with varying degrees of success. However, certain DIY missions in
litigation are fraught with peril and should be carefully examined. Such is the case with computer forensics,
the discipline of digital evidence gathering and examination, which often culminates in expert testimony in a
court of law.
Computer forensics and the collection of digital evidence is a field with its deepest roots originating in law
enforcement. Police and government investigators use various tools and techniques to mine digital
evidence, tracking down perpetrators in both criminal and civil matters. With the recent explosion of
electronically stored information (ESI) and eDiscovery in litigation, computer forensics is much more
widespread now, and the demand for skilled professionals has outpaced the supply. Electronic discovery
now appears in most cases, as e-mails have become a main form of communication, and electronic financial
transactions and money management are commonplace.
Since computer forensics services are frequently needed by legal counsel as well as corporate information
technology (IT) departments, consultants have cropped up to fill the need. Truly qualified providers have
the training and experience needed, both from a software proficiency and methodology
standpoint. However, as with any burgeoning industry, there is a range of quality among consultants and
prospective clients need to understand what they are.
Source: http://www.abanet.org/
Module Objective
This module will familiarize you with:
• Computer Forensics for Lawyers
• Presenting the Case
• Functions of Lawyers
• Identify the Right Forensic Expert
• Check for Legitimacy
• What Lawyers Should Know in the Forensic Process
• Computer Forensics Cases
Module Flow
Computer Forensics for Lawyers
Presenting the Case
Functions of Lawyers
Identify the Right Forensic Expert
Check for Legitimacy
What Lawyers Should Know in the Forensic Process
Computer Forensics Cases
Computer Forensics for Lawyers
A lack of knowledge about electronic data, combined with experience grounded exclusively in paper discovery, makes it hard for lawyers to meet the challenge of digital data discovery
Critical errors can be avoided in the first place if lawyers gain a fundamental understanding of how a computer stores data and of the file management system
Initial Information to be Known by Lawyers When an Incident Occurs
Details and type of the incident that occurred
Date and time of the incident’s occurrence
Any tampering done with the incident
Actions taken after the incident
Information about the person who first identified the incident
Any loopholes found at the incident area
Information about the person who has access to the system and the one who accessed it last
Presenting the Case
This is a chance for the attorney to convince the judge that all measures have been taken to protect the computer in use, that all data is recovered, and that the findings are printed
Be prepared to instruct the court, to examine and choose a computer forensics effort, and to understand and advise your clients about “safe” data practices
Have a working knowledge of how a computer stores data, and of where and how data resides after it is deleted
Request the court to issue an order requiring the party in possession of the computer to refrain from any action that may impair the ability to recover latent or dynamic data
What Lawyers Should Know
Firewall basics
Network configuration
Basic understanding of e-mail infrastructure
Warning banners, logging, and monitoring
Security policy
Back-up process and technologies
Types of computers and other electronic media
• Laptop, PDA, personal computer
Functions of Lawyers
Study the client's document retention policies and data retention architecture
Provide a “litigation hold” for all relevant information, with regular alerts, when there is a chance of litigation
Recognize the key players and IT personnel and communicate with them directly to ensure compliance and complete understanding
Ask the relevant employees to submit electronic and hard copies of files
Verify the files, electronic records, laptops, backup media, etc.
Stop routine record management, recycling policies, and automatic deletion
Take control over unauthorized access and tampering
When Do Lawyers Really Need to Hire a Forensic Expert?
In matters involving a credible allegation of negligent or intentional destruction, or concealment, of electronic information
In circumstances where it is likely that relevant and discoverable data exists, but is accessible only through the use of forensic restoration techniques
Identify the Right Forensic Expert
Is the examiner certified?
How much experience does he/she have in computer forensics?
How experienced is he/she as an expert witness?
What are his/her service charges?
Does he/she have knowledge of the Federal Rules of Evidence?
Is he/she trained in evidence handling, investigation techniques, and information recovery tools?
Does he/she possess the ability to identify the system’s role in the event, and can he/she develop a refined approach to find evidence?
Industry Associations Providing Expert Forensic Investigators
International Association of Computer Investigative Specialists (IACIS)
High Technology Crime Investigation Association (HTCIA)
High Tech Computer Network (HTCN)
Computer Forensics Tool Testing (CFTT)
Federal Law Enforcement Training Center (FLETC)
Seized Computer Evidence Recovery Specialist (SCERS)
Treasury Computer Forensic Training Program (TCFTP)
Federal Bureau of Investigation (FBI)
Check for Legitimacy
Check whether an incident has actually occurred
Check whether the team performing the forensic investigation is experienced and certified
Ensure that the evidence is legally accepted
Make sure that forensics is performed within the policies and procedures
Ensure that individuals who serve as evidence are genuine
Check whether the documentation is consistent with the forensic process
Check that no extra information or evidence unrelated to the case is included in the final report to the court
What Lawyers Should Know in the Forensic Process
Law and policies followed in the forensic process
Information from the first responder
Understanding file systems
Data acquisition and duplication
Incidents handled
Tools used in computer forensics
Deleted files and partitions recovered
Application password cracking
Network forensics and investigating logs
Network traffic, wireless attacks, web attacks, and DoS attacks
Trademark and copyright infringement
What Makes Evidence Inadmissible in the Court
Defragmenting your disk, zipping your data, or installing/uninstalling applications on your system
Overwriting backup media and swapping the file area
Disposing of machines or media
Deleting, moving, or modifying the discoverable evidence
Disk optimization
Metadata scrubbing/removal
What Lawyers Should Expect from Forensic Examiner
Document equipment such as hard disk drives along with their model, operating system and version, and file catalog
Collect and document data sources such as backup tapes, firewall logs, and intrusion detection logs
Protect secure items such as notepads, papers, photos, books, and other materials gathered from the suspect’s office
Develop a chain of custody that proves both physical and electronic evidence have been stored in their original state
Recognize the system’s relationship to the event and develop an approach for finding evidence
Locate and document the evidence
Summary
A lack of knowledge about electronic data, combined with experience grounded exclusively in paper discovery, makes it hard for lawyers to meet the challenge of digital data discovery
Be prepared to instruct the court, to examine and choose a computer forensics effort, and to understand and advise clients about “safe” data practices
Provide a “litigation hold” for all relevant information, with regular alerts, when there is a chance of litigation
Ensure that no extra information or evidence unrelated to the case is included in the final report to the court
EC-Council
Copyright © by EC-Council
All Rights Reserved. Reproduction is Strictly Prohibited
EC-Council
Copyright © by EC-Council
All Rights Reserved. Reproduction is Strictly Prohibited

More Related Content

What's hot (20)

File000162
File000162File000162
File000162
 
File000163
File000163File000163
File000163
 
File000114
File000114File000114
File000114
 
File000113
File000113File000113
File000113
 
File000117
File000117File000117
File000117
 
File000120
File000120File000120
File000120
 
File000115
File000115File000115
File000115
 
File000119
File000119File000119
File000119
 
File000171
File000171File000171
File000171
 
File000170
File000170File000170
File000170
 
File000154
File000154File000154
File000154
 
File000173
File000173File000173
File000173
 
File000146
File000146File000146
File000146
 
Chfi V3 Module 01 Computer Forensics In Todays World
Chfi V3 Module 01 Computer Forensics In Todays WorldChfi V3 Module 01 Computer Forensics In Todays World
Chfi V3 Module 01 Computer Forensics In Todays World
 
CS6004 Cyber Forensics - UNIT IV
CS6004 Cyber Forensics - UNIT IVCS6004 Cyber Forensics - UNIT IV
CS6004 Cyber Forensics - UNIT IV
 
Ce hv6 module 57 computer forensics and incident handling
Ce hv6 module 57 computer forensics and incident handlingCe hv6 module 57 computer forensics and incident handling
Ce hv6 module 57 computer forensics and incident handling
 
Lect 1 computer forensics
Lect 1 computer forensicsLect 1 computer forensics
Lect 1 computer forensics
 
Ce Hv6 Module 44 Internet Content Filtering Techniques
Ce Hv6 Module 44 Internet Content Filtering TechniquesCe Hv6 Module 44 Internet Content Filtering Techniques
Ce Hv6 Module 44 Internet Content Filtering Techniques
 
File000157
File000157File000157
File000157
 
EC-Council Computer Hacking Forensic Investigator v9
EC-Council Computer Hacking Forensic Investigator v9EC-Council Computer Hacking Forensic Investigator v9
EC-Council Computer Hacking Forensic Investigator v9
 

Viewers also liked (20)

File000169
File000169File000169
File000169
 
[Gerard blokdijk, claire_engle,_jackie_brewster]_i(book_see.org) (1)
[Gerard blokdijk, claire_engle,_jackie_brewster]_i(book_see.org) (1)[Gerard blokdijk, claire_engle,_jackie_brewster]_i(book_see.org) (1)
[Gerard blokdijk, claire_engle,_jackie_brewster]_i(book_see.org) (1)
 
File000097
File000097File000097
File000097
 
File000161
File000161File000161
File000161
 
File000155
File000155File000155
File000155
 
File000145
File000145File000145
File000145
 
File000139
File000139File000139
File000139
 
File000174
File000174File000174
File000174
 
File000136
File000136File000136
File000136
 
File000142
File000142File000142
File000142
 
File000165
File000165File000165
File000165
 
File000121
File000121File000121
File000121
 
File000135
File000135File000135
File000135
 
File000175
File000175File000175
File000175
 
File000149
File000149File000149
File000149
 
File000128
File000128File000128
File000128
 
File000148
File000148File000148
File000148
 
File000122
File000122File000122
File000122
 
Investigating server logs
Investigating server logsInvestigating server logs
Investigating server logs
 
File000152
File000152File000152
File000152
 

Similar to File000166

Computer +forensics
Computer +forensicsComputer +forensics
Computer +forensicsRahul Baghla
 
Computer forensics
Computer forensicsComputer forensics
Computer forensicsSCREAM138
 
computerforensics-140212060522-phpapp02.pdf
computerforensics-140212060522-phpapp02.pdfcomputerforensics-140212060522-phpapp02.pdf
computerforensics-140212060522-phpapp02.pdfGnanavi2
 
Business Intelligence (BI) Tools For Computer Forensic
Business Intelligence (BI) Tools For Computer ForensicBusiness Intelligence (BI) Tools For Computer Forensic
Business Intelligence (BI) Tools For Computer ForensicDhiren Gala
 
Computer forensics Slides
Computer forensics SlidesComputer forensics Slides
Computer forensics SlidesVarun Sehgal
 
Computer forensics powerpoint presentation
Computer forensics powerpoint presentationComputer forensics powerpoint presentation
Computer forensics powerpoint presentationSomya Johri
 
computer-forensics-8727-OHvDvOm.pptx
computer-forensics-8727-OHvDvOm.pptxcomputer-forensics-8727-OHvDvOm.pptx
computer-forensics-8727-OHvDvOm.pptxDaniyaHuzaifa
 
computer-forensics-8727-OHvDvOm.pptx
computer-forensics-8727-OHvDvOm.pptxcomputer-forensics-8727-OHvDvOm.pptx
computer-forensics-8727-OHvDvOm.pptxssuser2bf502
 
Computer forensics
Computer  forensicsComputer  forensics
Computer forensicsLalit Garg
 
What is Digital Forensics.docx
What is Digital Forensics.docxWhat is Digital Forensics.docx
What is Digital Forensics.docxAliAshraf68199
 
4.content (computer forensic)
4.content (computer forensic)4.content (computer forensic)
4.content (computer forensic)JIEMS Akkalkuwa
 
Digital Crime & Forensics - Presentation
Digital Crime & Forensics - PresentationDigital Crime & Forensics - Presentation
Digital Crime & Forensics - Presentationprashant3535
 
03.fnc corporate protect workshop new
03.fnc corporate protect workshop new03.fnc corporate protect workshop new
03.fnc corporate protect workshop newforensicsnation
 

Similar to File000166 (20)

Computer +forensics
Computer +forensicsComputer +forensics
Computer +forensics
 
Computer forensics
Computer forensicsComputer forensics
Computer forensics
 
computerforensics-140212060522-phpapp02.pdf
computerforensics-140212060522-phpapp02.pdfcomputerforensics-140212060522-phpapp02.pdf
computerforensics-140212060522-phpapp02.pdf
 
Business Intelligence (BI) Tools For Computer Forensic
Business Intelligence (BI) Tools For Computer ForensicBusiness Intelligence (BI) Tools For Computer Forensic
Business Intelligence (BI) Tools For Computer Forensic
 
Computer forensic
Computer forensicComputer forensic
Computer forensic
 
Computer forensics Slides
Computer forensics SlidesComputer forensics Slides
Computer forensics Slides
 
Computer forensics powerpoint presentation
Computer forensics powerpoint presentationComputer forensics powerpoint presentation
Computer forensics powerpoint presentation
 
Computer forensic
Computer forensicComputer forensic
Computer forensic
 
Computer forencis
Computer forencisComputer forencis
Computer forencis
 
computer-forensics-8727-OHvDvOm.pptx
computer-forensics-8727-OHvDvOm.pptxcomputer-forensics-8727-OHvDvOm.pptx
computer-forensics-8727-OHvDvOm.pptx
 
computer-forensics-8727-OHvDvOm.pptx
computer-forensics-8727-OHvDvOm.pptxcomputer-forensics-8727-OHvDvOm.pptx
computer-forensics-8727-OHvDvOm.pptx
 
Computer forensics
Computer  forensicsComputer  forensics
Computer forensics
 
What is Digital Forensics.docx
What is Digital Forensics.docxWhat is Digital Forensics.docx
What is Digital Forensics.docx
 
Computer Forensics ppt
Computer Forensics pptComputer Forensics ppt
Computer Forensics ppt
 
Chapter1
Chapter1Chapter1
Chapter1
 
Cyber forensics ppt
Cyber forensics pptCyber forensics ppt
Cyber forensics ppt
 
4.content (computer forensic)
4.content (computer forensic)4.content (computer forensic)
4.content (computer forensic)
 
Digital Crime & Forensics - Presentation
Digital Crime & Forensics - PresentationDigital Crime & Forensics - Presentation
Digital Crime & Forensics - Presentation
 
03.fnc corporate protect workshop new
03.fnc corporate protect workshop new03.fnc corporate protect workshop new
03.fnc corporate protect workshop new
 
FNC Corporate Protect
FNC Corporate ProtectFNC Corporate Protect
FNC Corporate Protect
 

More from Desmond Devendran (12)

Siam key-facts
Siam key-factsSiam key-facts
Siam key-facts
 
Siam foundation-process-guides
Siam foundation-process-guidesSiam foundation-process-guides
Siam foundation-process-guides
 
Siam foundation-body-of-knowledge
Siam foundation-body-of-knowledgeSiam foundation-body-of-knowledge
Siam foundation-body-of-knowledge
 
Enterprise service-management-essentials
Enterprise service-management-essentialsEnterprise service-management-essentials
Enterprise service-management-essentials
 
Service Integration and Management
Service Integration and Management Service Integration and Management
Service Integration and Management
 
Diagram of iso_22301_implementation_process_en
Diagram of iso_22301_implementation_process_enDiagram of iso_22301_implementation_process_en
Diagram of iso_22301_implementation_process_en
 
CHFI 1
CHFI 1CHFI 1
CHFI 1
 
File000160
File000160File000160
File000160
 
File000159
File000159File000159
File000159
 
File000158
File000158File000158
File000158
 
File000156
File000156File000156
File000156
 
File000153
File000153File000153
File000153
 

Recently uploaded

08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking MenDelhi Call girls
 
A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024Results
 
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...HostedbyConfluent
 
Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024The Digital Insurer
 
Unblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesUnblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesSinan KOZAK
 
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationRadu Cotescu
 
Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityPrincipled Technologies
 
My Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationMy Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationRidwan Fadjar
 
Data Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonData Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonAnna Loughnan Colquhoun
 
Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...Alan Dix
 
Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...
Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...
Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...gurkirankumar98700
 
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024BookNet Canada
 
08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking MenDelhi Call girls
 
Enhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for PartnersEnhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for PartnersThousandEyes
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationSafe Software
 
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024BookNet Canada
 
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...Neo4j
 
🐬 The future of MySQL is Postgres 🐘
🐬  The future of MySQL is Postgres   🐘🐬  The future of MySQL is Postgres   🐘
🐬 The future of MySQL is Postgres 🐘RTylerCroy
 
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | DelhiFULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhisoniya singh
 
Slack Application Development 101 Slides
Slack Application Development 101 SlidesSlack Application Development 101 Slides
Slack Application Development 101 Slidespraypatel2
 

Recently uploaded (20)

08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
 
A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024
 
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...
 
Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024
 
Unblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesUnblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen Frames
 
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organization
 
Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivity
 
My Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationMy Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 Presentation
 
Data Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonData Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt Robison
 
Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...
 
Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...
Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...
Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...
 
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
 
08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men
 
Enhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for PartnersEnhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for Partners
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
 
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
 
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
 
🐬 The future of MySQL is Postgres 🐘
🐬  The future of MySQL is Postgres   🐘🐬  The future of MySQL is Postgres   🐘
🐬 The future of MySQL is Postgres 🐘
 
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | DelhiFULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
 
Slack Application Development 101 Slides
Slack Application Development 101 SlidesSlack Application Development 101 Slides
Slack Application Development 101 Slides
 

File000166

  • 1. Module LIII - Computer Forensics for Lawyers
  • 2. EC-Council Copyright © by EC-Council All Rights Reserved. Reproduction is Strictly Prohibited News: The Dangers of Do-It- Yourself Computer Forensics As Do-It-Yourself or “DIY” becomes a more common practice at law firms, it is becoming more important to evaluate the risks associated with doing certain things yourself. Eric Shirk examines the dangers of using DIY for computer forensics and suggests alternatives that are safer for your firm. A Do-It-Yourself, or “DIY,” trend has permeated the legal industry when it comes to electronic discovery and litigation consulting services. In an effort to reduce costs, law firms and corporations are building internal teams to rely less on outside vendors, with varying degrees of success. However, certain DIY missions in litigation are fraught with peril and should be carefully examined. Such is the case with computer forensics, the discipline of digital evidence gathering and examination, which often culminates in expert testimony in a court of law. Computer forensics and the collection of digital evidence is a field with its deepest roots originating in law enforcement. Police and government investigators use various tools and techniques to mine digital evidence, tracking down perpetrators in both criminal and civil matters. With the recent explosion of electronically stored information (ESI) and eDiscovery in litigation, computer forensics is much more widespread now, and the demand for skilled professionals has outpaced the supply. Electronic discovery now appears in most cases, as e-mails have become a main form of communication, and electronic financial transactions and money management are commonplace. Since computer forensics services are frequently needed by legal counsel as well as corporate information technology (IT) departments, consultants have cropped up to fill the need. Truly qualified providers have the training and experience needed, both from a software proficiency and methodology standpoint. 
However, as with any burgeoning industry, there is a range of quality among consultants and prospective clients need to understand what they are. Source: http://www.abanet.org/
  • 3. EC-Council Copyright © by EC-Council All Rights Reserved. Reproduction is Strictly Prohibited Module Objective • Computer Forensics for Lawyers • Presenting the Case • Functions of Lawyers • Identify the Right Forensic Expert • Check for Legitimacy • What Lawyers Should Know in the Forensic Process • Computer Forensics Cases This module will familiarize you with:
  • 4. EC-Council Copyright © by EC-Council All Rights Reserved. Reproduction is Strictly Prohibited Module Flow Computer Forensics for Lawyers Presenting the Case Functions of Lawyers Identify the Right Forensic Expert Check for Legitimacy What Lawyers Should Know in the Forensic Process Computer Forensics Cases
  • 5. Computer Forensics for Lawyers
      • Lack of knowledge about electronic data, with experience grounded exclusively in paper discovery, makes it hard for lawyers to meet the challenge of digital data discovery
      • Critical errors can be avoided in the first place if lawyers gain a fundamental understanding of how a computer stores data and of the file management system
  • 6. Initial Information to be Known by Lawyers When an Incident Occurs
      • Details and type of the incident that occurred
      • Date and time of the incident’s occurrence
      • Any tampering done with the incident
      • Actions taken after an incident
      • Information about the person who first identified the incident
      • Any loopholes found at the incident area
      • Information about the person who has access to the system and the one who accessed it last
  • 7. Presenting the Case
      • This is a chance for the attorney to convince the judge that all measures have been taken to protect the computer in use, all data is recovered, and the findings printed
      • Be prepared to instruct the court, examine and choose a computer forensics effort, and understand and advise your clients about “safe” data practices
      • Have a working knowledge of how a computer stores data, and of where and how data resides after it is deleted
      • Request the court to issue an order requiring the party in possession of the computer to refrain from any action that may impair the ability to recover latent or dynamic data
  • 8. What Lawyers Should Know
      • Firewall basics
      • Network configuration
      • Basic understanding of the e-mail infrastructure
      • Warning banners, logging, and monitoring
      • Security policy
      • Back-up process and technologies
      • Types of computers and other electronic media
          • Laptop, PDA, personal computer
  • 9. Functions of Lawyers
      • Study the client's document retention policies and data retention architecture
      • Provide a “litigation hold” for all relevant information with regular alerts when there is a chance of litigation
      • Recognize the key players and IT personnel and communicate with them directly to ensure compliance and complete understanding
      • Ask the relevant employees to submit electronic and hard copies of files
      • Verify the files, electronic records, laptops, backup media, etc.
      • Stop routine record management, recycling policies, and automatic deletion
      • Take control over unauthorized access and tampering
  • 10. When Do Lawyers Really Need to Hire a Forensic Expert?
      • In matters involving a credible allegation of negligence or intentional destruction, or concealment, of electronic information
      • In circumstances where it is likely that relevant and discoverable data exists, but is accessible only through the use of forensic restoration techniques
  • 11. Identify the Right Forensic Expert
      • Is the examiner certified?
      • How much experience does he/she have in computer forensics?
      • How experienced is he/she as an expert witness?
      • What are his/her service charges?
      • Does he/she have knowledge of the Federal Rules of Evidence?
      • Is he/she trained in evidence handling, investigation techniques, and information recovery tools?
      • Does he/she possess the ability to identify the system’s role in the event, and can he/she develop a refined approach to find evidence?
  • 12. Industry Associations Providing Expert Forensic Investigators
      • International Association of Computer Investigative Specialists (IACIS)
      • High Technology Crime Investigation Association (HTCIA)
      • High Tech Computer Network (HTCN)
      • Computer Forensics Tool Testing (CFTT)
      • Federal Law Enforcement Training Center (FLETC)
      • Seized Computer Evidence Recovery Specialist (SCERS)
      • Treasury Computer Forensic Training Program (TCFTP)
      • Federal Bureau of Investigation (FBI)
  • 13. Check for Legitimacy
      • Check whether an incident has actually occurred
      • Check whether the investigating team performing the forensics is experienced and certified
      • Ensure that the evidence is legally accepted
      • Make sure that forensics is performed within the policies and procedures
      • Ensure that individuals who serve as evidence are genuine
      • Check whether the documentation is consistent with the forensic process
      • Check that no extra information or evidence unrelated to the case is included in the final report to the court
  • 14. What Lawyers Should Know in the Forensic Process
      • Law and policies followed in the forensic process
      • Information from the first responder
      • Understanding file systems
      • Data acquisition and duplication
      • Incidents handled
      • Tools used in computer forensics
      • Deleted files and partitions recovered
      • Application password cracking
      • Network forensics and investigating logs
      • Network traffic, wireless attacks, web attacks, and DoS attacks
      • Trademark and copyright infringement
  • 15. What Makes Evidence Inadmissible in the Court
      • Defragmenting your disk, zipping your data, or installing/uninstalling applications on your system
      • Overwriting backup media and swapping the file area
      • Disposing of machines or media
      • Deleting, moving, or modifying the discoverable evidence
      • Disk optimization
      • Metadata scrubbing/removal
  • 16. What Lawyers Should Expect from Forensic Examiner
      • Document equipment such as hard disk drives along with their model, operating system and version, and file catalog
      • Collect and document data sources such as backup tapes, firewall logs, and intrusion detection logs
      • Protect secure items such as notepads, papers, photos, books, and other materials gathered from the suspect’s office
      • Develop a chain of custody that proves both physical and electronic evidence have been stored in their original state
      • Recognize the system's relationship to the event and develop an approach for finding evidence
      • Locate and document the evidence
  • 17. Summary
      • Lack of knowledge about electronic data, with experience grounded exclusively in paper discovery, makes it hard for lawyers to meet the challenge of digital data discovery
      • Be prepared to instruct the court, examine and choose a computer forensics effort, and understand and advise clients about “safe” data practices
      • Provide a “litigation hold” for all relevant information with regular alerts when there is a chance of litigation
      • Ensure that no extra information or evidence unrelated to the case is included in the final report to the court