Awesome email Karl, I completely forgot about the NCJRS PDF!!!
Thanks for the additional information as well - Great Information!
- Robert
arch3angel
On 12/9/2009 5:16 PM, Karl Schuttler wrote:
FTK Imager is a pretty good (and free) imaging software. Digital chain
of custody is very similar to your regular chain of custody; there
isn't any standard form for it. Attached is one I whipped up for my
digital forensics class in openoffice calc, based off of
http://www.precisecyberforensics.com/CoC.html. I've also attached it
in excel format, but I don't know if the formatting gets messed up.
The Forensic Examination of Digital Evidence: A Guide for Law
Enforcement (http://www.ncjrs.gov/pdffiles1/nij/199408.pdf) is a good
start for general procedures in the seizure of digital evidence. It
also has some nice worksheets in the middle of it used by the DEA.
Finally, I assume that the prosecutor would be aware of this, but some
states have laws in regards to who can perform a forensic evaluation.
In MI, for example, there are some draconian criteria you have to
follow to be legit, such as the requirement to have a PI license; if
you perform digital forensics there and do not follow their
guidelines, you are committing a felony. It would be worthwhile to
make sure any work you're doing for the state isn't illegal.
http://www.forensicmag.com/articles.asp?pid=273 lists the laws for
Arizona, California, and South Carolina.
Hope this helped,
Karl
On Wed, Dec 9, 2009 at 12:55 PM, Tyler Robinson<[email protected]> wrote:
Hey all, looking for some of the fantastic advice that the pauldotcom
listeners always provide. I am helping our prosecuting attorney with
evidence from a hard drive, I am wondering what software everyone is using
to make the drive images, and if anyone knows of a good website that has all
the proper forms ex. digital chain of custody, and also some checklists or
guidelines. I know that Helix is a widely accepted Linux distro for this
sort of thing but don't have much experience with it. I also have a copy of
FTR and have worked with it a bit. So any advice at all is always
appreciated. Thanks again and Thanks to Paul and Larry for bringing together
such a dynamic group of Security professionals and a great show.
--
Tyler Robinson
Owner of Computer Impressions and Tactical Network Security
_______________________________________________
Pauldotcom mailing list
[email protected]
http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
Main Web Site: http://pauldotcom.com