SlideShare a Scribd company logo

Raidprep

CTIN, profile picture
CTIN

This document provides guidance for conducting a high tech raid and seizing computer evidence. It outlines the roles and responsibilities of various teams including: a case supervisor to oversee the operation; an interview team; a sketch and photo team to document the scene; a physical search team; a security team; and a technical evidence seizure team to properly handle computer equipment. It emphasizes having the right personnel with the necessary skills and equipment to thoroughly collect electronic evidence while maintaining a chain of custody.

TechnologyBusiness
1 of 21
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
Conducting the High Tech Raid Planning Resource Collection Practice Review Execution
Planning S ituation M ission E xecution A venues of approach and escape C ommunication
Computer Search Warrant Team Even when just one stand-alone computer is seized there is too much to do for just one person to handle. All of the work can be accomplished by two people when necessary but the time on scene is reduced directly in relation to the number of additional trained personnel available.
Computer Search Warrant Team The Search Warrant Team is a best case scenario. In the real world, you may not have the number of people available to form a complete team and one person may be required perform several functions to compensate.
Computer Search Warrant Team Know the skills and abilities of your team and use them in the function they are best qualified to perform. Don't be afraid to call for outside expert assistance. Generally speaking, the time required is directly related to the number of people on hand to take care of the crime scene and the quality of the equipment used to backup the systems.
Computer Search Warrant Team We strongly recommend computer crime investigators have a powerful portable or laptop computer, high capacity SCSI/Parallel tape drive, SCSI cards and necessary cables, investigative software and other equipment at hand which allows for obtaining data or disk images as dictated by the facts of the case.
Case Supervisor The Case Supervisor should have extensive investigative experience in complex cases. The Case Supervisor handles all media relations, manages and schedules manpower and equipment needs and oversees the case. He may not have to stay at the scene beyond the initial entry and securing of the scene.
Interview Team This team is comprised of one or more people depending on the number of suspects and persons to be interviewed. Their responsibility is to interview each witnesses/suspect. These team members should have excellent Interview & interrogation skills.
Sketch & Photo Team This team is comprised of one or more persons. Immediately sketch search scene and assign room letters. Photograph scene and all evidence. They may use any or combination of Polaroid, 35mm, digital and or video cameras. We strongly suggest the use of digital and video cameras.
Sketch & Photo Team We have had a case actually hinge on a picture of a door lock we were not even concerned about when serving the warrant but the issue of whether or not a lock was on the door or not became critical during the trial. Photograph the entire scene inside and out.
Note: When using a video camera, turn the sound off (as required by Washington State “all party consent law”) If this is not possible the entire team needs to be aware the scene is being recorded and they should be very careful what they say as it will be recorded for posterity and words lightly spoken could prove to be embarrassing when viewed in court.
Physical Search Team This team is comprised of one or more persons assigned to search each room. They locate and mark evidence in each room with colored stick on dots for easy location by the Seizure Team. They do not need to be computer experts but should be throughly briefed on the items to search for and they should be thorough.
Security and Arrest Team Provide physical security of building entrances, persons and evidence as needed. They also handle arrests, transportation and interview of suspects. The size of this team can almost never be too large considering the available man power. This team is often comprised of uniform patrol officers.
Technical Evidence Seizure and Logging Team This team is comprised of two or three people who seize evidence, enter evidence data into the computer, label the evidence and place it in bags or boxes and label the boxes after evidence is photographed. This team is responsible for taking down a computer after the area is secure and the computer is photographed.
Sketch & Photo Team This team should include at least one person who is a computer investigator and another who ideally is a computer professional who has received specialized training in the handling and evaluation of evidence. In most instances this technical team will also conduct forensic analysis of the evidence. When a regional, state or Agency lab is not available for such duties. Some agencies simply box up the computer and send the evidence to a lab for analysis.
Sketch & Photo Team This team should include at least one person who is a computer investigator and another who ideally is a computer professional who has received specialized training in the handling and evaluation of evidence.
Sketch & Photo Team In most instances this technical team will also conduct forensic analysis of the evidence. When a regional, state or Agency lab is not available for such duties. Some agencies simply box up the computer and send the evidence to a lab for analysis.
Note:Consider skills in handling and recognition of evidence in picking team members. Use members in context of their skills and abilities If law enforcement is involved in the case they should be local officers as they will be needed in court for "chain" of custody issues and they should know how to handle the electronic and magnetic evidence found.
The Technical Evidence Seizure and Logging team Decides on appropriate action after discussing special circumstances with the Case Manager. They backup the computer to removable media, run investigative software and shut down the system.
The Technical Evidence Seizure and Logging team They then mark all cables and safely pack the computer, cables and attachments in preparation for transport. They then insure all evidence is logged and marked by Seizure and Evidence Team.
The Technical Evidence Seizure and Logging team For investigations involving a large number of computers, the Case Manager may appoint either an investigator or computer expert proficient in both roles to be in charge of all computer seizure teams and to handle all technical questions and problems.

More Related Content

PPT
Crime Scene Investigations
CTIN
 
PDF
Forensic Expert Cross Examination
ivneetsingh
 
PPTX
Ethical Hacking Definitions Matter - Covering Vulnerability Scanning, Vulnera...
Jorge Orchilles
 
PDF
Become an Internet Sleuth!
Nearpod
 
PPT
July132000
CTIN
 
PPTX
Capturing forensics image
Chris Harrington
 
PPTX
Facebook Forensics Toolkit(FFT)
Shuvo Sarker
 
PPT
G Infomgnt
CTIN
 
Crime Scene Investigations
CTIN
 
Forensic Expert Cross Examination
ivneetsingh
 
Ethical Hacking Definitions Matter - Covering Vulnerability Scanning, Vulnera...
Jorge Orchilles
 
Become an Internet Sleuth!
Nearpod
 
July132000
CTIN
 
Capturing forensics image
Chris Harrington
 
Facebook Forensics Toolkit(FFT)
Shuvo Sarker
 
G Infomgnt
CTIN
 

Viewers also liked (20)

PPT
Edrm
CTIN
 
PPTX
NTFS vs FAT
Tanveer Ahmed
 
PPTX
Files and Folders in Windows 7
RIAH ENCARNACION
 
PPT
Linux forensics
Santosh Khadsare
 
PPTX
OSDF 2013 - Autopsy 3: Extensible Desktop Forensics by Brian Carrier
Basis Technology
 
PPTX
Computer forensic 101 - OWASP Khartoum
OWASP Khartoum
 
PPT
Installation of Joomla on Windows XP
Rupesh Kumar
 
ODP
File carving tools
Marco Alamanni
 
PDF
Windows 7 forensics -overview-r3
CTIN
 
PPTX
Windows 10 Forensics: OS Evidentiary Artefacts
Brent Muir
 
PPT
File system
Harleen Johal
 
PDF
Windows logging cheat sheet
Michael Gough
 
PPT
Registry forensics
Prince Boonlia
 
PPT
Computer Forensics & Windows Registry
somutripathi
 
ODP
Introduction to memory forensics
Marco Alamanni
 
PPT
Part6 Private Sector Concerns
CTIN
 
PDF
Forensic Anaysis on Twitter
Yansi Keim
 
PDF
Cheatsheet of msdos
Shuvradeb Barman Srijon
 
PDF
The Future of Digital Forensics
00heights
 
PPT
File Management Presentation
SgtMasterGunz
 
Edrm
CTIN
 
NTFS vs FAT
Tanveer Ahmed
 
Files and Folders in Windows 7
RIAH ENCARNACION
 
Linux forensics
Santosh Khadsare
 
OSDF 2013 - Autopsy 3: Extensible Desktop Forensics by Brian Carrier
Basis Technology
 
Computer forensic 101 - OWASP Khartoum
OWASP Khartoum
 
Installation of Joomla on Windows XP
Rupesh Kumar
 
File carving tools
Marco Alamanni
 
Windows 7 forensics -overview-r3
CTIN
 
Windows 10 Forensics: OS Evidentiary Artefacts
Brent Muir
 
File system
Harleen Johal
 
Windows logging cheat sheet
Michael Gough
 
Registry forensics
Prince Boonlia
 
Computer Forensics & Windows Registry
somutripathi
 
Introduction to memory forensics
Marco Alamanni
 
Part6 Private Sector Concerns
CTIN
 
Forensic Anaysis on Twitter
Yansi Keim
 
Cheatsheet of msdos
Shuvradeb Barman Srijon
 
The Future of Digital Forensics
00heights
 
File Management Presentation
SgtMasterGunz
 
Ad

Similar to Raidprep (20)

PDF
Lab 1 Bag & Tag (cyber forensics)
MUSAAB HASAN
 
PPT
Criminal Investigative Team
CTIN
 
PPT
Seizing Electronic Evidence & Best Practices – Secret Service
Gol D Roger
 
PPTX
Processing Crimes and Incident Scenes
primeteacher32
 
PPT
Evidence Seizure Level One
CTIN
 
PPT
Evidence Seizure
CTIN
 
PPT
Evidence Seizure Sandyb
CTIN
 
DOCX
Berkeley College Cyber CrimeLecture Notes Chapter 11Searching .docx
AASTHA76
 
PDF
Best Practices For Seizing Electronic Evidence v.3: A Pocket Guide for Firs...
David Sweigert
 
PPTX
BASICS OF INVESTIGATION OF CYBER CRIME CASES.pptx
ALISHAARORA31
 
PPT
Bag and Tag
CTIN
 
PPTX
Crime Scene Processing Ol
warren142
 
PPTX
Crime Scene Processing Ol
warren142
 
PPTX
Crime Scene Processing Ol
warren142
 
PDF
DOJ
Andrei Bujaki
 
PDF
Search & Seizure of Electronic Evidence by Pelorus Technologies
urjarathi
 
PDF
CS6004 Cyber Forensics - UNIT IV
ArthyR3
 
PPTX
PACE-IT: Basic Forensic Concepts
Pace IT at Edmonds Community College
 
PPT
Evidence Seizure Ctin Version Draft Sent To Sandy For Polishing
CTIN
 
PPTX
Introduction To Forensic Methodologies
Ledjit
 
Lab 1 Bag & Tag (cyber forensics)
MUSAAB HASAN
 
Criminal Investigative Team
CTIN
 
Seizing Electronic Evidence & Best Practices – Secret Service
Gol D Roger
 
Processing Crimes and Incident Scenes
primeteacher32
 
Evidence Seizure Level One
CTIN
 
Evidence Seizure
CTIN
 
Evidence Seizure Sandyb
CTIN
 
Berkeley College Cyber CrimeLecture Notes Chapter 11Searching .docx
AASTHA76
 
Best Practices For Seizing Electronic Evidence v.3: A Pocket Guide for Firs...
David Sweigert
 
BASICS OF INVESTIGATION OF CYBER CRIME CASES.pptx
ALISHAARORA31
 
Bag and Tag
CTIN
 
Crime Scene Processing Ol
warren142
 
Crime Scene Processing Ol
warren142
 
Crime Scene Processing Ol
warren142
 
DOJ
Andrei Bujaki
 
Search & Seizure of Electronic Evidence by Pelorus Technologies
urjarathi
 
CS6004 Cyber Forensics - UNIT IV
ArthyR3
 
PACE-IT: Basic Forensic Concepts
Pace IT at Edmonds Community College
 
Evidence Seizure Ctin Version Draft Sent To Sandy For Polishing
CTIN
 
Introduction To Forensic Methodologies
Ledjit
 
Ad

More from CTIN (20)

PPTX
Mounting virtual hard drives
CTIN
 
PPTX
Open Source Forensics
CTIN
 
PDF
Encase V7 Presented by Guidance Software august 2011
CTIN
 
PDF
Windows 7 forensics event logs-dtl-r3
CTIN
 
PPTX
Msra 2011 windows7 forensics-troyla
CTIN
 
PPTX
Windows 7 forensics thumbnail-dtl-r4
CTIN
 
PPTX
Windows 7 forensics jump lists-rv3-public
CTIN
 
PPTX
Time Stamp Analysis of Windows Systems
CTIN
 
PPT
Vista Forensics
CTIN
 
PPT
Mac Forensics
CTIN
 
PPT
Nra
CTIN
 
PPT
Live Forensics
CTIN
 
PPT
Translating Geek To Attorneys It Security
CTIN
 
PPT
Computer Searchs, Electronic Communication, Computer Trespass
CTIN
 
PPT
CyberCrime
CTIN
 
PPT
Search Warrants
CTIN
 
PDF
Sadfe2007
CTIN
 
PPT
Networking Overview
CTIN
 
PPT
M Compevid
CTIN
 
PPT
L Scope
CTIN
 
Mounting virtual hard drives
CTIN
 
Open Source Forensics
CTIN
 
Encase V7 Presented by Guidance Software august 2011
CTIN
 
Windows 7 forensics event logs-dtl-r3
CTIN
 
Msra 2011 windows7 forensics-troyla
CTIN
 
Windows 7 forensics thumbnail-dtl-r4
CTIN
 
Windows 7 forensics jump lists-rv3-public
CTIN
 
Time Stamp Analysis of Windows Systems
CTIN
 
Vista Forensics
CTIN
 
Mac Forensics
CTIN
 
Nra
CTIN
 
Live Forensics
CTIN
 
Translating Geek To Attorneys It Security
CTIN
 
Computer Searchs, Electronic Communication, Computer Trespass
CTIN
 
CyberCrime
CTIN
 
Search Warrants
CTIN
 
Sadfe2007
CTIN
 
Networking Overview
CTIN
 
M Compevid
CTIN
 
L Scope
CTIN
 

Recently uploaded (20)

PDF
A novel scalable deep ensemble learning framework for big data classification...
IAESIJAI
 
PPTX
A Presentation on Touch Screen Technology
memembruh336
 
PDF
Video forgery: An extensive analysis of inter-and intra-frame manipulation al...
IAESIJAI
 
PPTX
cloud_computing_Infrastucture_as_cloud_p
mainakbhattacharya20
 
PDF
ENT215_Completing-a-large-scale-migration-and-modernization-with-AWS.pdf
ssuser28425f
 
PDF
Hindi spoken digit analysis for native and non-native speakers
IAESIJAI
 
PDF
Building Integrated photovoltaic BIPV_UPV.pdf
SandeepSingh286037
 
PDF
Zenith AI: Advanced Artificial Intelligence
Biz Preneurs
 
PPTX
Tartificialntelligence_presentation.pptx
ry7r52mzb4
 
PPTX
SOPHOS-XG Firewall Administrator PPT.pptx
AgnesMunisi
 
PPTX
TechTalks-8-2019-Service-Management-ITIL-Refresh-ITIL-4-Framework-Supports-Ou...
bonakiduza1024
 
PDF
project resource management chapter-09.pdf
ssuser00e6e21
 
PDF
7 ChatGPT Prompts to Help You Define Your Ideal Customer Profile.pdf
SOFTTECHHUB
 
PDF
Mushroom cultivation and it's methods.pdf
mailmeonrishi
 
PPTX
Chapter 5: Probability Theory and Statistics
RandyFin
 
PPTX
Programs and apps: productivity, graphics, security and other tools
4mqw9zch22
 
PPTX
Digital-Transformation-Roadmap-for-Companies.pptx
David Malick Dieng
 
PDF
Agricultural_Statistics_at_a_Glance_2022_0.pdf
SandeepSingh286037
 
PDF
August Patch Tuesday
Ivanti
 
PPTX
TLE Review Electricity (Electricity).pptx
JayPolicarpio2
 
A novel scalable deep ensemble learning framework for big data classification...
IAESIJAI
 
A Presentation on Touch Screen Technology
memembruh336
 
Video forgery: An extensive analysis of inter-and intra-frame manipulation al...
IAESIJAI
 
cloud_computing_Infrastucture_as_cloud_p
mainakbhattacharya20
 
ENT215_Completing-a-large-scale-migration-and-modernization-with-AWS.pdf
ssuser28425f
 
Hindi spoken digit analysis for native and non-native speakers
IAESIJAI
 
Building Integrated photovoltaic BIPV_UPV.pdf
SandeepSingh286037
 
Zenith AI: Advanced Artificial Intelligence
Biz Preneurs
 
Tartificialntelligence_presentation.pptx
ry7r52mzb4
 
SOPHOS-XG Firewall Administrator PPT.pptx
AgnesMunisi
 
TechTalks-8-2019-Service-Management-ITIL-Refresh-ITIL-4-Framework-Supports-Ou...
bonakiduza1024
 
project resource management chapter-09.pdf
ssuser00e6e21
 
7 ChatGPT Prompts to Help You Define Your Ideal Customer Profile.pdf
SOFTTECHHUB
 
Mushroom cultivation and it's methods.pdf
mailmeonrishi
 
Chapter 5: Probability Theory and Statistics
RandyFin
 
Programs and apps: productivity, graphics, security and other tools
4mqw9zch22
 
Digital-Transformation-Roadmap-for-Companies.pptx
David Malick Dieng
 
Agricultural_Statistics_at_a_Glance_2022_0.pdf
SandeepSingh286037
 
August Patch Tuesday
Ivanti
 
TLE Review Electricity (Electricity).pptx
JayPolicarpio2
 

Raidprep

  • 1. Conducting the High Tech Raid Planning Resource Collection Practice Review Execution
  • 2. Planning S ituation M ission E xecution A venues of approach and escape C ommunication
  • 3. Computer Search Warrant Team Even when just one stand-alone computer is seized there is too much to do for just one person to handle. All of the work can be accomplished by two people when necessary but the time on scene is reduced directly in relation to the number of additional trained personnel available.
  • 4. Computer Search Warrant Team The Search Warrant Team is a best case scenario. In the real world, you may not have the number of people available to form a complete team and one person may be required perform several functions to compensate.
  • 5. Computer Search Warrant Team Know the skills and abilities of your team and use them in the function they are best qualified to perform. Don't be afraid to call for outside expert assistance. Generally speaking, the time required is directly related to the number of people on hand to take care of the crime scene and the quality of the equipment used to backup the systems.
  • 6. Computer Search Warrant Team We strongly recommend computer crime investigators have a powerful portable or laptop computer, high capacity SCSI/Parallel tape drive, SCSI cards and necessary cables, investigative software and other equipment at hand which allows for obtaining data or disk images as dictated by the facts of the case.
  • 7. Case Supervisor The Case Supervisor should have extensive investigative experience in complex cases. The Case Supervisor handles all media relations, manages and schedules manpower and equipment needs and oversees the case. He may not have to stay at the scene beyond the initial entry and securing of the scene.
  • 8. Interview Team This team is comprised of one or more people depending on the number of suspects and persons to be interviewed. Their responsibility is to interview each witnesses/suspect. These team members should have excellent Interview & interrogation skills.
  • 9. Sketch & Photo Team This team is comprised of one or more persons. Immediately sketch search scene and assign room letters. Photograph scene and all evidence. They may use any or combination of Polaroid, 35mm, digital and or video cameras. We strongly suggest the use of digital and video cameras.
  • 10. Sketch & Photo Team We have had a case actually hinge on a picture of a door lock we were not even concerned about when serving the warrant but the issue of whether or not a lock was on the door or not became critical during the trial. Photograph the entire scene inside and out.
  • 11. Note: When using a video camera, turn the sound off (as required by Washington State “all party consent law”) If this is not possible the entire team needs to be aware the scene is being recorded and they should be very careful what they say as it will be recorded for posterity and words lightly spoken could prove to be embarrassing when viewed in court.
  • 12. Physical Search Team This team is comprised of one or more persons assigned to search each room. They locate and mark evidence in each room with colored stick on dots for easy location by the Seizure Team. They do not need to be computer experts but should be throughly briefed on the items to search for and they should be thorough.
  • 13. Security and Arrest Team Provide physical security of building entrances, persons and evidence as needed. They also handle arrests, transportation and interview of suspects. The size of this team can almost never be too large considering the available man power. This team is often comprised of uniform patrol officers.
  • 14. Technical Evidence Seizure and Logging Team This team is comprised of two or three people who seize evidence, enter evidence data into the computer, label the evidence and place it in bags or boxes and label the boxes after evidence is photographed. This team is responsible for taking down a computer after the area is secure and the computer is photographed.
  • 15. Sketch & Photo Team This team should include at least one person who is a computer investigator and another who ideally is a computer professional who has received specialized training in the handling and evaluation of evidence. In most instances this technical team will also conduct forensic analysis of the evidence. When a regional, state or Agency lab is not available for such duties. Some agencies simply box up the computer and send the evidence to a lab for analysis.
  • 16. Sketch & Photo Team This team should include at least one person who is a computer investigator and another who ideally is a computer professional who has received specialized training in the handling and evaluation of evidence.
  • 17. Sketch & Photo Team In most instances this technical team will also conduct forensic analysis of the evidence. When a regional, state or Agency lab is not available for such duties. Some agencies simply box up the computer and send the evidence to a lab for analysis.
  • 18. Note:Consider skills in handling and recognition of evidence in picking team members. Use members in context of their skills and abilities If law enforcement is involved in the case they should be local officers as they will be needed in court for "chain" of custody issues and they should know how to handle the electronic and magnetic evidence found.
  • 19. The Technical Evidence Seizure and Logging team Decides on appropriate action after discussing special circumstances with the Case Manager. They backup the computer to removable media, run investigative software and shut down the system.
  • 20. The Technical Evidence Seizure and Logging team They then mark all cables and safely pack the computer, cables and attachments in preparation for transport. They then insure all evidence is logged and marked by Seizure and Evidence Team.
  • 21. The Technical Evidence Seizure and Logging team For investigations involving a large number of computers, the Case Manager may appoint either an investigator or computer expert proficient in both roles to be in charge of all computer seizure teams and to handle all technical questions and problems.