Module LIII - Computer Forensics for Lawyers
EC-Council
Copyright © by EC-Council
All Rights Reserved. Reproduction is Strictly Prohibited
News: The Dangers of Do-It-Yourself Computer Forensics
As Do-It-Yourself or “DIY” becomes a more common practice at law firms, it is becoming more important to
evaluate the risks associated with doing certain things yourself. Eric Shirk examines the dangers of using
DIY for computer forensics and suggests alternatives that are safer for your firm.
A Do-It-Yourself, or “DIY,” trend has permeated the legal industry when it comes to electronic discovery and
litigation consulting services. In an effort to reduce costs, law firms and corporations are building internal
teams to rely less on outside vendors, with varying degrees of success. However, certain DIY missions in
litigation are fraught with peril and should be carefully examined. Such is the case with computer forensics,
the discipline of digital evidence gathering and examination, which often culminates in expert testimony in a
court of law.
Computer forensics and the collection of digital evidence is a field with its deepest roots originating in law
enforcement. Police and government investigators use various tools and techniques to mine digital
evidence, tracking down perpetrators in both criminal and civil matters. With the recent explosion of
electronically stored information (ESI) and eDiscovery in litigation, computer forensics is much more
widespread now, and the demand for skilled professionals has outpaced the supply. Electronic discovery
now appears in most cases, as e-mails have become a main form of communication, and electronic financial
transactions and money management are commonplace.
Since computer forensics services are frequently needed by legal counsel as well as corporate information
technology (IT) departments, consultants have cropped up to fill the need. Truly qualified providers have
the training and experience needed, both from a software proficiency and methodology
standpoint. However, as with any burgeoning industry, there is a range of quality among consultants and
prospective clients need to understand what they are.
Source: http://www.abanet.org/
Module Objective
This module will familiarize you with:
• Computer Forensics for Lawyers
• Presenting the Case
• Functions of Lawyers
• Identify the Right Forensic Expert
• Check for Legitimacy
• What Lawyers Should Know in the Forensic Process
• Computer Forensics Cases
Module Flow
Computer Forensics for Lawyers
Presenting the Case
Functions of Lawyers
Identify the Right Forensic Expert
Check for Legitimacy
What Lawyers Should Know in the Forensic Process
Computer Forensics Cases
Computer Forensics for Lawyers
A lack of knowledge about electronic data, combined with experience grounded exclusively in paper discovery, makes it hard for lawyers to meet the challenge of digital data discovery
Critical errors can be avoided in the first place if lawyers gain a fundamental understanding of how a computer stores data and of the file management system
Initial Information to be Known by Lawyers When an Incident Occurs
Details and type of the incident that occurred
Date and time of the incident’s occurrence
Any tampering done with the incident
Actions taken after the incident
Information about the person who first identified the incident
Any loopholes found at the incident area
Information about the person who has access to the system and the one who accessed it last
Presenting the Case
This is a chance for the attorney to convince the judge that all measures have been taken to protect the computer in use, that all data has been recovered, and that the findings have been printed
Be prepared to instruct the court, examine and choose a computer forensics effort, and understand and advise your clients about “safe” data practices
Have a working knowledge of how a computer stores data, and of where and how data resides after it is deleted
Request the court to issue an order requiring the party in possession of the computer to refrain from any action that may impair the ability to recover latent or dynamic data
What Lawyers Should Know
Firewall basics
Network configuration
Basic understanding of e-mail infrastructure
Warning banners, logging, and monitoring
Security policy
Back-up process and technologies
Types of computers and other electronic media
• Laptop, PDA, personal computer
Functions of Lawyers
Study the client's document retention policies and data retention architecture
Provide a “litigation hold” for all relevant information, with regular alerts, when there is a chance of litigation
Recognize the key players and IT personnel and communicate with them directly to ensure compliance and complete understanding
Ask the relevant employees to submit electronic and hard copies of files
Verify the files, electronic records, laptops, backup media, etc.
Stop routine record management, recycling policies, and automatic deletion
Take control over unauthorized access and tampering
When Do Lawyers Really Need to Hire a Forensic Expert?
In matters involving a credible allegation of negligence or intentional destruction, or concealment, of electronic information
In circumstances where it is likely that relevant and discoverable data exists, but is accessible only through the use of forensic restoration techniques
Identify the Right Forensic Expert
Is the examiner certified?
How much experience does he/she have in computer forensics?
How experienced is he/she as an expert witness?
What are his/her service charges?
Does he/she have knowledge of the federal rules of evidence?
Is he/she trained in evidence handling, investigation techniques, and information recovery tools?
Does he/she possess the ability to identify the system’s role in the event, and can he/she develop a refined approach to find evidence?
Industry Associations Providing Expert Forensic Investigators
International Association of Computer Investigative Specialists (IACIS)
High Technology Crime Investigation Association (HTCIA)
High Tech Computer Network (HTCN)
Computer Forensics Tool Testing (CFTT)
Federal Law Enforcement Training Center (FLETC)
Seized Computer Evidence Recovery Specialist (SCERS)
Treasury Computer Forensic Training Program (TCFTP)
Federal Bureau of Investigation (FBI)
Check for Legitimacy
Check whether an incident has actually occurred
Check whether the investigating team performing the forensics is experienced and certified
Ensure that the evidence is legally accepted
Make sure that forensics is performed within the policies and procedures
Ensure that individuals who serve as evidence are genuine
Check whether the documentation is consistent with the forensic process
Check that no extra information or evidence unrelated to the case is included in the final report to the court
What Lawyers Should Know in the Forensic Process
Law and policies followed in the forensic process
Information from the first responder
Understanding file systems
Data acquisition and duplication
Incidents handled
Tools used in computer forensics
Deleted files and partitions recovered
Application password cracking
Network forensics and investigating logs
Network traffic, wireless attacks, web attacks, and DoS attacks
Trademark and copyright infringement
What Makes Evidence Inadmissible in the Court
Defragmenting your disk, zipping your data, or installing/uninstalling applications on your system
Overwriting backup media and swapping the file area
Disposing of machines or media
Deleting, moving, or modifying the discoverable evidence
Disk optimization
Metadata scrubbing/removal
What Lawyers Should Expect from Forensic Examiner
Document equipment such as hard disk drives along with their model, operating system and version, and file catalog
Collect and document data sources such as backup tapes, firewall logs, and intrusion detection logs
Protect secure items such as notepads, papers, photos, books, and other materials gathered from the suspect’s office
Develop a chain of custody that proves both physical and electronic evidence have been stored in their original state
Recognize the system’s relationship to the event and develop an approach for finding evidence
Locate and document the evidence
Summary
A lack of knowledge about electronic data, combined with experience grounded exclusively in paper discovery, makes it hard for lawyers to meet the challenge of digital data discovery
Be prepared to instruct the court, examine and choose a computer forensics effort, and understand and advise clients about “safe” data practices
Provide a “litigation hold” for all relevant information, with regular alerts, when there is a chance of litigation
Ensure that no extra information or evidence unrelated to the case is included in the final report to the court